Vulnerability Bulletins |
Compromiso root en pwdutils |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | pwdutils |
Description |
|
|
Se ha descubierto una vulnerabilidad en pwdutils. La vulnerabilidad reside en el programa "chfn" que no comprueba correctamente los parámetros al cambiar el campo "GECOS". Un atacante local podría conseguir privilegios de root. Exploit público disponible. |
|
Solution |
|
|
Actualización de software Suse SUSE LINUX 10.0 / x86 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/pwdutils-3.0.4-4.2.i586.rpm SUSE LINUX 10.0 / Power PC ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/pwdutils-3.0.4-4.2.ppc.rpm SUSE LINUX 10.0 / x86-64 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pwdutils-3.0.4-4.2.x86_64.rpm SUSE LINUX 10.0 / Sources ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/pwdutils-3.0.4-4.2.src.rpm SUSE LINUX 9.3 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/pwdutils-2.6.96-4.2.i586.rpm SUSE LINUX 9.3 / x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pwdutils-2.6.96-4.2.x86_64.rpm SUSE LINUX 9.3 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/pwdutils-2.6.96-4.2.src.rpm SUSE LINUX 9.2 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/pwdutils-2.6.90-6.2.i586.rpm SUSE LINUX 9.2 / x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pwdutils-2.6.90-6.2.x86_64.rpm SUSE LINUX 9.2 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/pwdutils-2.6.90-6.2.src.rpm SUSE LINUX 9.1 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/pwdutils-2.6.4-2.18.3.i586.rpm SUSE LINUX 9.1 / x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/pwdutils-2.6.4-2.18.3.x86_64.rpm SUSE LINUX 9.1 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/pwdutils-2.6.4-2.18.3.src.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/pwdutils-2.6.4-2.18.3.src.rpm SuSE Linux 9.0 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/shadow-4.0.3-267.i586.rpm SuSE Linux 9.0 / x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/shadow-4.0.3-267.x86_64.rpm SuSE Linux 9.0 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/shadow-4.0.3-267.src.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/shadow-4.0.3-267.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2005-3503 |
| BID | |
Other resources |
|
|
SUSE Security Advisory (SUSE-SA:2005:064) http://www.novell.com/linux/security/advisories/2005_64_pwdutils.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-11-13 |
| 1.1 | CAN añadido. | 2005-12-02 |