Vulnerability Bulletins |
Aumento de privilegios en Pidgin |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Pidgin < 2.6.4 |
Description |
|
|
Se ha descubierto una vulnerabilidad de salto de directorio en Pidgin 2.6. La vulnerabilidad reside en un error en el fichero slp.c. Un atacante remoto podría acceder a ficheros arbitrarios mediante dos puntos (..) en un emoticono en el protocolo MSN. Exploit público disponible. |
|
Solution |
|
|
Actualización de software Red Hat (RHSA-2010:0044-1) RHEL Desktop Workstation (v. 5 cliente) RHEL Optional Productivity Applications (v. 5 servidor) RHEL Optional Productivity Applications EUS (v. 5.4.z servidor) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux AS (v. 4.8.z) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux ES (v. 4.8.z) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Sun OpenSolaris builds snv_99 a snv_131 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2010-0013 |
| BID | 39603 |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2010:0044-1) https://rhn.redhat.com/errata/RHSA-2010-0044.html Sun Alert Notification http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2010-01-25 |
| 1.1 | Aviso emitido por Suse (SUSE-SR:2010:006) | 2010-03-18 |
| 1.2 | Aviso emitido por Sun | 2010-05-25 |