
Vulnerability Bulletins


Vulnerability in temporary file creation in lm_sensors

Vulnerability classification

Property Value
Confidence level Official
Impact Integrity
Difficulty Advanced
Required attacker level Remote access with account

System information

Property Value
Affected manufacturer GNU/Linux
Affected software lm_sensors < 2.9.1

Description

A vulnerability has been discovered in lm_sensors. It lies in the way the pwmconfig script creates temporary files.

Exploiting this vulnerability could allow a symlink attack to create or overwrite arbitrary files with the permissions under which pwmconfig runs, typically root.
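
The weakness class described above, as an added example that is not pwmconfig's code or anything from the lm_sensors project: a shell function that writes to a fixed name in a shared directory, beside the `mktemp` form that avoids the problem. The function names, the `example-tool` file name and the sandbox contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: weak vs. hardened temporary-file creation in a shell script.
# All names and paths are hypothetical; this is not pwmconfig's code.

# Weak pattern: fixed, predictable name in a shared directory.
# The ">" redirection follows a symlink that already exists at that name.
write_predictable() {
    dir=$1; data=$2
    printf '%s\n' "$data" > "$dir/example-tool.tmp"
}

# Hardened pattern: mktemp creates a brand-new file with an unpredictable
# name, exclusively and with mode 0600, so an existing link is never followed.
write_private() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/example-tool.XXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"              # report the path to the caller
}

# Constructed demonstration, confined to a private sandbox directory.
# Prints: <protected file after weak write> <after hardened write> <tmp perms>
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/protected"
    # A link already sitting at the predictable name (constructed input).
    ln -s "$sandbox/protected" "$sandbox/example-tool.tmp"

    write_predictable "$sandbox" "clobbered"
    weak_result=$(cat "$sandbox/protected")

    printf 'original\n' > "$sandbox/protected"
    tmp=$(write_private "$sandbox" "scratch data")
    safe_result=$(cat "$sandbox/protected")
    perms=$(ls -l "$tmp" | cut -c1-10)

    rm -rf "$sandbox"
    printf '%s %s %s\n' "$weak_result" "$safe_result" "$perms"
}

demo
```

On Linux, the `fs.protected_symlinks` sysctl limits link following in sticky world-writable directories such as /tmp, but it does not replace creating the file safely in the script itself.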

Solution



Software update

Mandriva Linux

Mandrakelinux 10.0/X86
10.0/RPMS/liblm_sensors3-2.8.4-2.1.100mdk.i586.rpm
10.0/RPMS/liblm_sensors3-devel-2.8.4-2.1.100mdk.i586.rpm
10.0/RPMS/liblm_sensors3-static-devel-2.8.4-2.1.100mdk.i586.rpm
10.0/RPMS/lm_sensors-2.8.4-2.1.100mdk.i586.rpm
10.0/SRPMS/lm_sensors-2.8.4-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
amd64/10.0/RPMS/lib64lm_sensors3-2.8.4-2.1.100mdk.amd64.rpm
amd64/10.0/RPMS/lib64lm_sensors3-devel-2.8.4-2.1.100mdk.amd64.rpm
amd64/10.0/RPMS/lib64lm_sensors3-static-devel-2.8.4-2.1.100mdk.amd64.rpm
amd64/10.0/RPMS/lm_sensors-2.8.4-2.1.100mdk.amd64.rpm
amd64/10.0/SRPMS/lm_sensors-2.8.4-2.1.100mdk.src.rpm

Mandrakelinux 10.1/X86
10.1/RPMS/liblm_sensors3-2.8.7-7.1.101mdk.i586.rpm
10.1/RPMS/liblm_sensors3-devel-2.8.7-7.1.101mdk.i586.rpm
10.1/RPMS/liblm_sensors3-static-devel-2.8.7-7.1.101mdk.i586.rpm
10.1/RPMS/lm_sensors-2.8.7-7.1.101mdk.i586.rpm
10.1/SRPMS/lm_sensors-2.8.7-7.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64
x86_64/10.1/RPMS/lib64lm_sensors3-2.8.7-7.1.101mdk.x86_64.rpm
x86_64/10.1/RPMS/lib64lm_sensors3-devel-2.8.7-7.1.101mdk.x86_64.rpm
x86_64/10.1/RPMS/lib64lm_sensors3-static-devel-2.8.7-7.1.101mdk.x86_64.rpm
x86_64/10.1/RPMS/lm_sensors-2.8.7-7.1.101mdk.x86_64.rpm
x86_64/10.1/SRPMS/lm_sensors-2.8.7-7.1.101mdk.src.rpm

Corporate Server 3.0/X86
corporate/3.0/RPMS/liblm_sensors3-2.8.4-2.1.C30mdk.i586.rpm
corporate/3.0/RPMS/liblm_sensors3-devel-2.8.4-2.1.C30mdk.i586.rpm
corporate/3.0/RPMS/liblm_sensors3-static-devel-2.8.4-2.1.C30mdk.i586.rpm
corporate/3.0/RPMS/lm_sensors-2.8.4-2.1.C30mdk.i586.rpm
corporate/3.0/SRPMS/lm_sensors-2.8.4-2.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64
x86_64/corporate/3.0/RPMS/lib64lm_sensors3-2.8.4-2.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lib64lm_sensors3-devel-2.8.4-2.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lib64lm_sensors3-static-devel-2.8.4-2.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lm_sensors-2.8.4-2.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/lm_sensors-2.8.4-2.1.C30mdk.src.rpm

Mandrivalinux LE2005/X86
10.2/RPMS/liblm_sensors3-2.9.0-4.1.102mdk.i586.rpm
10.2/RPMS/liblm_sensors3-devel-2.9.0-4.1.102mdk.i586.rpm
10.2/RPMS/liblm_sensors3-static-devel-2.9.0-4.1.102mdk.i586.rpm
10.2/RPMS/lm_sensors-2.9.0-4.1.102mdk.i586.rpm
10.2/SRPMS/lm_sensors-2.9.0-4.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64
x86_64/10.2/RPMS/lib64lm_sensors3-2.9.0-4.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/lib64lm_sensors3-devel-2.9.0-4.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/lib64lm_sensors3-static-devel-2.9.0-4.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/lm_sensors-2.9.0-4.1.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/lm_sensors-2.9.0-4.1.102mdk.src.rpm

Debian

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb
Alpha
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb
ARM
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb

Red Hat

Red Hat Desktop (v. 4) / SRPMS
lm_sensors-2.8.7-2.40.3.src.rpm

Red Hat Desktop (v. 4) / IA-32
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-devel-2.8.7-2.40.3.i386.rpm

Red Hat Desktop (v. 4) / x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-2.8.7-2.40.3.x86_64.rpm
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
lm_sensors-2.8.7-2.40.3.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-devel-2.8.7-2.40.3.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
lm_sensors-2.8.7-2.40.3.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-2.8.7-2.40.3.x86_64.rpm
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
lm_sensors-2.8.7-2.40.3.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-devel-2.8.7-2.40.3.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
lm_sensors-2.8.7-2.40.3.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-2.8.7-2.40.3.x86_64.rpm
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
lm_sensors-2.8.7-2.40.3.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-devel-2.8.7-2.40.3.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
lm_sensors-2.8.7-2.40.3.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-2.8.7-2.40.3.x86_64.rpm
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm
https://rhn.redhat.com/

Standard resources

Property Value
CVE CAN-2005-2672
BID

Other resources

Mandriva Security Advisories MDKSA-2005:149
http://www.mandriva.com/security/advisories?name=MDKSA-2005:149

Debian Security Advisory (DSA 814-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00204.html

Red Hat Security Advisory (RHSA-2005:825-13)
https://rhn.redhat.com/errata/RHSA-2005-825.html

Version history

Version Comments Date
1.0 Advisory issued 2005-09-06
1.1 Advisory issued by Debian (DSA 814-1) 2005-09-22
1.2 Advisory issued by Red Hat (RHSA-2005:825-13) 2005-11-14
Ministerio de Defensa
CNI
CCN
CCN-CERT