int(1775)

Boletines de Vulnerabilidades


Ejecución remota de código en slocate

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Integridad
Dificultad Experto
Requerimientos del atacante Acceso fisico

Información sobre el sistema

Propiedad Valor
Fabricant afectat GNU/Linux
Software afectado slocate < 2.7

Descripción

Se ha descubierto una vulnerabilidad en slocate. La vulnerabilidad reside en la forma en la que se procesa rutas de acceso muy largas.

La explotación de esta vulnerabilidad podría permitir a un atacante local prevenir que updatedb complete el escaneo del sistema de ficheros, lo que resultaría en una base de datos incompleta.

Solución



Actualización de software

Mandriva Linux

Mandrakelinux 10.0/X86
10.0/RPMS/slocate-2.7-4.1.100mdk.i586.rpm
10.0/SRPMS/slocate-2.7-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
amd64/10.0/RPMS/slocate-2.7-4.1.100mdk.amd64.rpm
amd64/10.0/SRPMS/slocate-2.7-4.1.100mdk.src.rpm

Mandrakelinux 10.1/X86
10.1/RPMS/slocate-2.7-4.1.101mdk.i586.rpm
10.1/SRPMS/slocate-2.7-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64
x86_64/10.1/RPMS/slocate-2.7-4.1.101mdk.x86_64.rpm
x86_64/10.1/SRPMS/slocate-2.7-4.1.101mdk.src.rpm

Corporate Server 2.1/X86
corporate/2.1/RPMS/slocate-2.7-2.2.C21mdk.i586.rpm
corporate/2.1/SRPMS/slocate-2.7-2.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64
x86_64/corporate/2.1/RPMS/slocate-2.7-2.2.C21mdk.x86_64.rpm
x86_64/corporate/2.1/SRPMS/slocate-2.7-2.2.C21mdk.src.rpm

Corporate Server 3.0/X86
corporate/3.0/RPMS/slocate-2.7-4.1.C30mdk.i586.rpm
corporate/3.0/SRPMS/slocate-2.7-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64
x86_64/corporate/3.0/RPMS/slocate-2.7-4.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/slocate-2.7-4.1.C30mdk.src.rpm

Mandrivalinux LE2005/X86
10.2/RPMS/slocate-2.7-4.1.102mdk.i586.rpm
10.2/SRPMS/slocate-2.7-4.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64
x86_64/10.2/RPMS/slocate-2.7-4.1.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/slocate-2.7-4.1.102mdk.src.rpm

Red Hat Linux

Red Hat Enterprise Linux AS (v. 2.1)/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-32
slocate-2.7-1.el2.1.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-64
slocate-2.7-1.el2.1.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1)/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Enterprise Linux ES (v. 2.1)/IA-32
slocate-2.7-1.el2.1.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1)/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Enterprise Linux WS (v. 2.1)/IA-32
slocate-2.7-1.el2.1.i386.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/IA-64
slocate-2.7-1.el2.1.ia64.rpm

Red Hat Desktop (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Desktop (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Desktop (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Enterprise Linux AS (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-64
slocate-2.7-3.RHEL3.6.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / PPC
slocate-2.7-3.RHEL3.6.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) / s390
slocate-2.7-3.RHEL3.6.s390.rpm

Red Hat Enterprise Linux AS (v. 3) / s390x
slocate-2.7-3.RHEL3.6.s390x.rpm

Red Hat Enterprise Linux AS (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Enterprise Linux ES (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-64
slocate-2.7-3.RHEL3.6.ia64.rpm

Red Hat Enterprise Linux ES (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Enterprise Linux WS (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-64
slocate-2.7-3.RHEL3.6.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Desktop (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Desktop (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Desktop (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
slocate-2.7-13.el4.6.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
slocate-2.7-13.el4.6.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
slocate-2.7-13.el4.6.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
slocate-2.7-13.el4.6.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
slocate-2.7-13.el4.6.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
slocate-2.7-13.el4.6.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

SGI
Advanced Linux Environment 3 / RPM / Patch 10227
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10227
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Identificadores estándar

Propiedad Valor
CVE CAN-2005-2499
BID

Recursos adicionales

Mandriva Security Advisories MDKSA-2005:147
http://www.mandriva.com/security/advisories?name=MDKSA-2005:147

Red Hat Security Advisory RHSA-2005:747-09
https://rhn.redhat.com/errata/RHSA-2005-747.html

Red Hat Security Advisory (RHSA-2005:345-24)
https://rhn.redhat.com/errata/RHSA-2005-345.html

Red Hat Security Advisory (RHSA-2005:346-19)
https://rhn.redhat.com/errata/RHSA-2005-346.html

SGI Security Advisory (20051002-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc

Histórico de versiones

Versión Comentario Data
1.0 Aviso emitido 2005-08-31
1.1 Aviso emitido por Red Hat (RHSA-2005:345-24) 2005-10-04
1.2 Aviso emitido por Red Hat (RHSA-2005:346-19) 2005-10-17
1.3 Aviso emitido por SGI (20051002-01-U) 2005-10-21
Ministerio de Defensa
CNI
CCN
CCN-CERT