Vulnerability Bulletins |
Múltiples desbordamientos de búfer en Dia |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Dia 0.87-0.95-pre6 |
Description |
|
|
Se han descubierto tres desbordamientos de búfer en Dia 0.87 hasta 0.95-pre6. Las vulnerabilidades residen en el código de importación de xfig "xfig-import.c". Un atacante remoto podría ejecutar código arbitrario mediante un fichero FIG especialmente diseñado que el usuario víctima tendría que importar. |
|
Solution |
|
|
Actualización de software Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/dia-0.92.2-2.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/dia-0.92.2-2.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/dia-0.92.2-2.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/dia-0.92.2-2.1.C30mdk.src.rpm Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/dia-0.94-6.2.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/dia-0.94-6.2.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/dia-0.94-6.2.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/dia-0.94-6.2.20060mdk.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Red Hat Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 Itanium https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-1550 |
| BID | 17310 |
Other resources |
|
|
Mandriva Security Advisory (MDKSA-2006:062) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:062 SUSE Security Advisory (SUSE-SR:2006:009) http://www.novell.com/linux/security/advisories/2006_04_28.html Red Hat Security Advisory (RHSA-2006:0280-8) https://rhn.redhat.com/errata/RHSA-2006-0280.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-04-04 |
| 1.1 | Aviso emitido por Suse (SUSE-SR:2006:009) | 2006-05-02 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2006:0280-8) | 2006-05-04 |