Vulnerability Bulletins |
Vulnerability in lesstif |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Beginner |
Required attacker level | Remote access with account |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | lesstif |
Description |
|
A vulnerability has been discovered in the libXm library of LessTif. The vulnerability lies in the handling of the DEBUG_FILE environment variable. Exploiting this vulnerability could allow a local attacker to create world-writable files in any location when libXm is run from a setuid program. |
|
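One defensive pattern for a library that takes a debug-log path from the environment, shown as an added example that is not LessTif code and is not taken from the vendor fix. The helper names `running_privileged` and `open_debug_file` are hypothetical; only the DEBUG_FILE variable name comes from the bulletin.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for O_NOFOLLOW / O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* True when real and effective IDs differ, i.e. a setuid/setgid context. */
int running_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical helper (not LessTif code): open the debug log named by the
 * caller's environment. Returns a file descriptor, or -1 if logging is refused. */
int open_debug_file(const char *path, int privileged)
{
    struct stat st;
    int fd;

    if (path == NULL || *path == '\0')
        return -1;                       /* variable unset: no debug log */
    if (privileged)
        return -1;                       /* never honor the path when setuid */

    /* 0600: owner-only even if the caller's umask is 0.
     * O_NOFOLLOW: refuse a symlink planted at the final path component. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Reject anything that is not a regular file owned by the caller. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_debug_file(getenv("DEBUG_FILE"),
        running_privileged(getuid(), geteuid(), getgid(), getegid()));
    printf("debug logging %s\n", fd >= 0 ? "enabled" : "disabled");
    if (fd >= 0)
        close(fd);
    return 0;
}
```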
Solution |
|
Software update

Mandriva Linux

Mandriva Linux 2006.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/lesstif-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/lesstif-clients-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/lesstif-devel-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/lesstif-mwm-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/liblesstif1-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/liblesstif2-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/lesstif-0.93.94-4.2.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lesstif-0.93.94-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lesstif-clients-0.93.94-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lesstif-devel-0.93.94-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lesstif-mwm-0.93.94-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64lesstif1-0.93.94-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64lesstif2-0.93.94-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/liblesstif1-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/liblesstif2-0.93.94-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/lesstif-0.93.94-4.2.20060mdk.src.rpm

Corporate 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/lesstif-0.93.94-1.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/lesstif-clients-0.93.94-1.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/lesstif-devel-0.93.94-1.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/lesstif-mwm-0.93.94-1.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/lesstif-0.93.94-1.1.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lesstif-0.93.94-1.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lesstif-clients-0.93.94-1.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lesstif-devel-0.93.94-1.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lesstif-mwm-0.93.94-1.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/lesstif-0.93.94-1.1.C30mdk.src.rpm |
|
Standard resources |
|
Property | Value |
CVE | CVE-2006-4124 |
BID | |
Other resources |
|
Mandriva Linux Security Advisory MDKSA-2006:154 http://archives.mandrivalinux.com/security-announce/2006-08/msg00022.php |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2006-08-29 |