Vulnerability Bulletins |
Compromiso root en gfax |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | gfax |
Description |
|
|
Se ha encontrado una vulnerabilidad en gfax. La vulnerabilidad reside en el uso de archivos temporales de forma no segura. Un atacante remoto podría ejecutar comandos de forma arbitraria con privilegios de root. |
|
Solution |
|
|
Actualización de software Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2.orig.tar.gz http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1.diff.gz http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1.dsc alpha http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_alpha.deb amd64 http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_amd64.deb arm http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_arm.deb i386 http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_i386.deb ia64 http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_ia64.deb m68k http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_m68k.deb s390 http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_s390.deb sparc http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-2839 |
| BID | |
Other resources |
|
|
Debian Security Advisory (DSA 1329-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00090.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-07-06 |