Vulnerability Bulletins |
Múltiples vulnerabilidades en Texinfo |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Texinfo |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en Textinfo. Las vulnerabilidad son descritas a continuación: - CVE-2005-3011: La vulnerabilidad reside en un error en la función "sort_offline()" de textindex en Texinfo 4.8 y anteriores versiones. Un atacante local podría sobrescribir ficheros arbitrarios mediante un ataque de enlace simbólico en archivos temporales. - CVE-2006-4810: La vulnerabilidad de tipo desbordamiento de búfer reside en un error en el comando "textindex". Un atacante podría ejecutar código arbitrario o causar una denegación del servicio Texindex mediante la construcción de un archivo Texinfo especialmente diseñado. |
|
Solution |
|
|
Actualización de software Red Hat Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor https://rhn.redhat.com/ Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/info-4.6-1.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/info-install-4.6-1.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/texinfo-4.6-1.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/info-4.6-1.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/info-install-4.6-1.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/texinfo-4.6-1.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm Mandriva Linux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/info-4.8-1.2.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/info-install-4.8-1.2.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/texinfo-4.8-1.2.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/info-4.8-1.2.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/info-install-4.8-1.2.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/texinfo-4.8-1.2.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/info-4.8-4.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/info-install-4.8-4.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/texinfo-4.8-4.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/info-4.8-4.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/info-install-4.8-4.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/texinfo-4.8-4.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/info-4.8-1.2.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/info-install-4.8-1.2.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/texinfo-4.8-1.2.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/info-4.8-1.2.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/info-install-4.8-1.2.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/texinfo-4.8-1.2.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm SGI Advanced Linux Environment 3 / RPM / Patch 10345 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10345 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.dsc http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7.orig.tar.gz http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.diff.gz Alpha http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_alpha.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_alpha.deb AMD64 http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_amd64.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_amd64.deb ARM http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_arm.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_arm.deb HP PA RISC http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_hppa.deb http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_hppa.deb Intel ia32 http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_i386.deb http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_i386.deb Intel ia64 http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_ia64.deb http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_ia64.deb Motorola Mc680x0 http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_m68k.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_m68k.deb MIPS (Big Endian) http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_mips.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_mips.deb PowerPC http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_powerpc.deb http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_s390.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_s390.deb Sun SPARC/UltraSPARC http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_sparc.deb http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Apple Mac OS X (Universal) http://www.apple.com/support/downloads/securityupdate2007005universal.html Mac OS X (PPC) http://www.apple.com/support/downloads/securityupdate2007005ppc.html Mac OS X (Server) http://www.apple.com/support/downloads/securityupdate20070051039server.html Mac OS X (Client) http://www.apple.com/support/downloads/securityupdate20070051039client.html |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2005-3011 CVE-2006-4810 |
| BID | 14854 |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2006:0727-6) http://rhn.redhat.com/errata/RHSA-2006:0727.html Mandriva Security Advisory (MDKSA-2006:203) http://www.mandriva.com/security/advisories?name=MDKSA-2006:203 SGI Security Advisory (20061101-01-P) ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P.asc Debian Security Advisory (DSA 1219-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00318.html SUSE Security Advisory (SUSE-SR:2006:028) http://www.novell.com/linux/security/advisories/2006_28_sr.html Apple Security Update (305530) http://docs.info.apple.com/article.html?artnum=305530 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-11-08 |
| 1.1 | Aviso emitido por SGI (20061101-01-P) | 2006-11-20 |
| 1.2 | Aviso emitido por Debian (DSA 1219-1) | 2006-11-29 |
| 1.3 | Aviso emitido por Suse (SUSE-SR:2006:028) | 2006-12-14 |
| 1.4 | Aviso emitido por Apple (305530) | 2007-05-29 |