Miembros de
Boletines de Vulnerabilidades |
Eliminación de archivos en Fireflier-server |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Integridad |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Fireflier-server |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en fireflier-server, una herramienta para la creación de reglas del firewall. La vulnerabilidad reside en que utiliza archivos temporales de una forma no segura. Un atacante local podría eliminar archivos arbitrarios del sistema local. |
|
Solución |
|
|
Actualización de software Debian (DSA 1326-1) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.5-1sarge1.dsc http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.5-1sarge1.tar.gz alpha http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_alpha.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_alpha.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_alpha.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_alpha.deb amd64 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_amd64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_amd64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_amd64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_amd64.deb arm http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_arm.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_arm.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_arm.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_arm.deb i386 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_i386.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_i386.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_i386.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_i386.deb ia64 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_ia64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_ia64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_ia64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_ia64.deb m68k http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_m68k.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_m68k.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_m68k.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_m68k.deb mipsel http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_mipsel.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_mipsel.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_mipsel.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_mipsel.deb s390 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_s390.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_s390.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_s390.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_s390.deb sparc http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_sparc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_sparc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_sparc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_sparc.deb Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.6-3etch1.tar.gz http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.6-3etch1.dsc alpha http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_alpha.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_alpha.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_alpha.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_alpha.deb amd64 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_amd64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_amd64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_amd64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_amd64.deb arm http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_arm.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_arm.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_arm.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_arm.deb i386 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_i386.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_i386.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_i386.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_i386.deb ia64 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_ia64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_ia64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_ia64.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_ia64.deb mipsel http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_mipsel.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_mipsel.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_mipsel.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_mipsel.deb powerpc http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_powerpc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_powerpc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_powerpc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_powerpc.deb s390 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_s390.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_s390.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_s390.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_s390.deb sparc http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_sparc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_sparc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_sparc.deb http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-2837 |
| BID | |
Recursos adicionales |
|
|
Debian Security Advisory (DSA 1326-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00087.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-07-02 |