Vulnerability Bulletins |
Vulnerabilidad en comando "shutdown" de Linux Mandrake |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Mandrake 8.1 Mandrake 8.2 Mandrake 9.0 Mandrake Corporate Server 2.1 Mandrake Multi Network Firewall 8.2 |
Description |
|
| Se ha descubierto una vulnerabilidad en el comando /usr/bin/shutdown incluido en el paquete usermode, que permite a un usuario local del sistema terminar todos los processos que se están abiertos y ejecutar comandos con privilegios administrativos. Nótese que el usuario local debe tener el acceso habilitado a la consola para obtener acceso de superusuario al sistema. | |
Solution |
|
|
Actualización de software: Instále los parches de Mandrake concernientes a esta vulnerabilidad: ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates Corporate Server 2.1 : corporate/2.1/RPMS/usermode-1.55-8.2mdk.i586.rpm corporate/2.1/RPMS/usermode-consoleonly-1.55-8.2mdk.i586.rpm Mandrake Linux 8.1 : 8.1/RPMS/usermode-1.42-8.2mdk.i586.rpm Mandrake Linux 8.1/ia64: ia64/8.1/RPMS/usermode-1.42-8.2mdk.ia64.rpm Mandrake Linux 8.2 : 8.2/RPMS/usermode-1.44-4.2mdk.i586.rpm 8.2/RPMS/usermode-consoleonly-1.44-4.2mdk.i586.rpm Mandrake Linux 8.2/ppc : ppc/8.2/RPMS/usermode-1.44-4.2mdk.ppc.rpm ppc/8.2/RPMS/usermode-consoleonly-1.44-4.2mdk.ppc.rpm Multi Network Firewall 8.2 : mnf8.2/RPMS/usermode-consoleonly-1.44-4.2mdk.i586.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | |
| BID | |
Other resources |
|
|
Linux Mandrake security advisory MDKSA-2003:031-1 14/3/2003 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:031 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2002-03-10 |