int(1833)

Vulnerability Bulletins


Inyección de comandos shell en Mozilla/Firefox/Thunderbird

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Principiante
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information

Property Value
Affected manufacturer GNU/Linux
Affected software Mozilla < 1.7.12
Firefox <= 1.0.6
Thunderbird <= 1.0.6

Description

Se ha descubierto una vulnerabilidad en Mozilla Suite, Firefox y Thunderbird. La vulnerabilidad reside en un error de validación de entrada en el shell script usado para cargar estos programas, ya que interpreta comandos shell que estén entre comillas simples (backticks) en la URL que se indica por línea de comandos.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar comandos arbitrarios mediante un enlace Web o "mailto:" especialmente diseñado que la víctima debe seguir con un producto vulnerable.

Esta vulnerabilidad solo puede ser explotada en sistemas Unix / Linux. El hecho de tener configurados Mozilla Firefox y Mozilla Thunderbird como clientes Web y de correo por defecto facilitan la explotación de esta vulnerabilidad.

Solution



Actualización de software

Mozilla
Actualizar a versión 1.7.12
http://www.mozilla.org/products/mozilla1.x/

Firefox
Actualizar a versión 1.0.7
http://www.mozilla.org/products/firefox/

Thunderbird
No existen parches actualmente.

Red Hat (firefox)

Red Hat Desktop (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Desktop (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Desktop (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
firefox-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
firefox-1.0.7-1.4.1.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
firefox-1.0.7-1.4.1.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
firefox-1.0.7-1.4.1.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
firefox-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
firefox-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat (Thunderbird)

Red Hat Desktop (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Desktop (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Desktop (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
thunderbird-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
thunderbird-1.0.7-1.4.1.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
thunderbird-1.0.7-1.4.1.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
thunderbird-1.0.7-1.4.1.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
thunderbird-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
thunderbird-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Mandriva (firefox)

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nspr4-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nss3-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

Mandriva Linux (Thunderbird)

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm

SCO
OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

Standar resources

Property Value
CVE CAN-2005-2968
BID

Other resources

Bugzilla Bug 307185
https://bugzilla.mozilla.org/show_bug.cgi?id=307185

Secunia Advisory (SA16846)
http://secunia.com/advisories/16846/

Secunia Advisory (SA16869)
http://secunia.com/advisories/16869/

Secunia Advisory (SA16901)
http://secunia.com/advisories/16901/

Red Hat Security Advisory (RHSA-2005:785-9)
https://rhn.redhat.com/errata/RHSA-2005-785.html

Red Hat Security Advisory (RHSA-2005:791-8)
https://rhn.redhat.com/errata/RHSA-2005-791.html

Mandriva Security Advisory (MDKSA-2005:169)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169

Mandriva Security Advisory (MDKSA-2005:174)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

SCO Security Advisory (SCOSA-2005.49)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

Version history

Version Comments Date
1.0 Aviso emitido 2005-09-22
1.1 Aviso emitido por Red Hat (RHSA-2005:785-9). Aviso emitido por Mandriva (MDKSA-2005:169). 2005-09-27
1.2 Aviso emitido por Mandriva (MDKSA-2005:174) 2005-10-17
1.3 Aviso emitido por Red Hat (RHSA-2005:791-8) 2005-10-18
1.4 Aviso emitido por SCO (SCOSA-2005.49) 2005-11-28
Ministerio de Defensa
CNI
CCN
CCN-CERT