Vulnerability Bulletins |
Ejecución remota de código en linpopup |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | linpopup |
Description |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en linpopup, un puerto X11 de winpopup, al ejecutarse sobre Samba. Mediante un mensaje especialmente diseñado podría ser posible ejecutar código remotamente sobre el sistema afectado. |
|
Solution |
|
|
Actualización de software Debian Linux Debian Linux 3.0 Fuentes: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1.dsc http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1.diff.gz http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0.orig.tar.gz Alpha: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_alpha.deb ARM: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_arm.deb Intel IA-32: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_ia64.deb HPPA: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_hppa.deb Motorola 680x0: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_m68k.deb Big endian MIPS: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_mips.deb Little endian MIPS: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-1282 |
| BID | |
Other resources |
|
|
Debian Security Advisory DSA-632-1 http://www.debian.org/security/2005/dsa-632 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-01-13 |