Vulnerability Bulletins |
Ejecución de código en Red Hat Linux |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Experto |
| Required attacker level | Acceso fisico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
RHEL Desktop Workstation (v. 5 cliente) - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux (v. 5 servidor) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS v3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS v4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 cliente) - i386, x86_64 Red Hat Enterprise Linux Desktop v4 - i386, x86_64 Red Hat Enterprise Linux ES v3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES v4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS v3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS v 4 - i386, ia64, x86_64 |
Description |
|
|
Se ha descubierto una vulnerabilidad en el compresor bzip2 Red Hat Enterprise Linux versiones 3, 4 y 5. La vulnerabilidad reside en un error de desbordamiento de enteros en la rutina de descompresión de bzip2. Un atacante podría ejecutar código arbitrario mediante archivos descomprimidos con formato incorrectos o una aplicación enlazada hacia la librería libbz2. |
|
Solution |
|
|
Actualización de software (RHSA-2010:0703-01) Red Hat Enterprise Linux AS v.3 Red Hat Desktop v.3 Red Hat Enterprise Linux ES v. 3 Red Hat Enterprise Linux WS v.3 Red Hat Enterprise Linux AS v.4 Red Hat Enterprise Linux Desktop v.4 Red Hat Enterprise Linux WS v.4 Red Hat Enterprise Linux Desktop (v. 5 cliente) Red Hat Enterprise Linux (v. 5 servidor) https://rhn.redhat.com/ Red Hat (RHSA-2010:0858-1) Red Hat Enterprise Linux Desktop v.6 Red Hat Enterprise Linux Desktop Optional v.6 Red Hat Enterprise Linux HPC Node v.6 Red Hat Enterprise Linux HPC Optional v.6 Red Hat Enterprise Linux Servidor v.6 Red Hat Enterprise Linux Workstation v.6 https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2010-0405 |
| BID | |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2010:0703-01) https://rhn.redhat.com/errata/RHSA-2010:0703-01.html Red Hat Security Advisory (RHSA- 2010:0858-01) https://rhn.redhat.com/errata/RHSA-2010-0858.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2010-09-24 |
| 1.1 | Aviso actualizado por Red Hat (2010:0858-03) | 2010-11-11 |