Vulnerability Bulletins |
Multiple buffer overflows in OpenMotif |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Required attacker level | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | OpenMotif <= 2.2.3 |
Description |
|
Multiple buffer overflow vulnerabilities have been discovered in OpenMotif 2.2.3 and earlier versions. The vulnerabilities reside in libUil (libUil.so). A remote attacker could execute arbitrary code via calls to the "diag_issue_diagnostic" function in "UilDiags.c" and the "open_source_file" function in "UilSrcSrc.c". |
|
Solution |
|
Software update

Red Hat (RHSA-2006:0272-8)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
https://rhn.redhat.com/

Red Hat (RHSA-2008:0261-4)
Red Hat Network Satellite (v. 5.0 for RHEL 4)
https://rhn.redhat.com/

SGI
Advanced Linux Environment 3 / RPM / Patch 10302
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10302
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Standard resources |
|
Property | Value |
CVE | CVE-2005-3964 |
BID | 15684 15686 |
Other resources |
|
Red Hat Security Advisory (RHSA-2006:0272-8)
https://rhn.redhat.com/errata/RHSA-2006-0272.html
Red Hat Security Advisory (RHSA-2008:0261-4)
http://rhn.redhat.com/errata/RHSA-2008-0261.html
SGI Security Advisory (20060404-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2006-04-04 |
1.1 | Advisory issued by SGI (20060404-01-U) | 2006-04-27 |
1.2 | Advisory issued by Red Hat (RHSA-2008:0261-4) | 2008-05-21 |