Vulnerability Bulletins |
Revelación de contraseña en rdesktop usado conjuntamente con xscreensaver |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de la visibilidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Rdesktop 1.3.1 |
Description |
|
| Se ha descubierto una vulnerabilidad en Rdesktop 1.3.1. La vulnerabilidad reside en que cuando es usado conjuntamente con xscreensaver < 4.18 no se libera el foco del teclado cuando xscreensaver empieza lo que provoca que el usuario introduzca la contraseña para desbloquear la pantalla en la ventana activa de Rdesktop. | |
Solution |
|
|
Actualización de software Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xscreensaver-4.14-4.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xscreensaver-extrusion-4.14-4.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xscreensaver-gl-4.14-4.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/xscreensaver-4.14-4.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xscreensaver-4.14-4.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xscreensaver-extrusion-4.14-4.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xscreensaver-gl-4.14-4.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/xscreensaver-4.14-4.1.C30mdk.src.rpm Red Hat Linux (RHSA-2006:0498-5) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ SGI Advanced Linux Environment 3 / RPM / Patch 10314 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10314 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2004-2655 |
| BID | 17471 |
Other resources |
|
|
Mandriva Security Advisory (MDKSA-2006:071) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:071 Red Hat Security Advisory RHSA-2006:0498-5 https://rhn.redhat.com/errata/RHSA-2006-0498.html SGI Security Advisory (20060602-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SUSE Security Summary Report SUSE-SR:2006:023 http://www.novell.com/linux/security/advisories/2006_23_sr.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-04-18 |
| 1.1 | Aviso emitido por Red Hat (RHSA-2006:0498-5) | 2006-05-26 |
| 1.2 | Aviso emitido por SGI (20060602-01-U) | 2006-06-23 |
| 1.3 | Aviso emitido por SUSE (SUSE-SR:2006:023) | 2006-10-03 |