Vulnerability Bulletins |
Aumento de privilegios en xorg-x11-xfs |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | xorg-x11-xfs |
Description |
|
|
Se ha encontrado una vulnerabilidad en X.Org X11 xfs font server. La vulnerabilidad reside en una condición de carrera encontrada en el manejo de los archivos temporales cuando se ejecuta el script de inicio de xfs font server. Un atacante local podría modificar los permisos de archivos arbitrarios y posiblemente obtener privilegios. Existe un exploit público disponible. |
|
Solution |
|
|
Actualización de software Red Hat (RHSA-2007:0520-2) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) https://rhn.redhat.com/ Red Hat (RHSA-2007:0519-2) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Debian Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6.dsc http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6.diff.gz http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_alpha.deb AMD64 http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_amd64.deb ARM http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_arm.deb HP Precision http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_ia64.deb Big endian MIPS http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-3103 |
| BID | |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2007:0520-2) https://rhn.redhat.com/errata/RHSA-2007-0520.html Red Hat Security Advisory (RHSA-2007:0519-2) https://rhn.redhat.com/errata/RHSA-2007-0519.html Debian Security Advisory (DSA 1342-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00104.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-07-13 |
| 1.1 | Aviso emitido por Debian (DSA 1342-1) | 2007-07-31 |
| 2.0 | Exploit público disponible. | 2008-03-17 |