Vulnerability Bulletins |
Escalada de privilegios en modo local con el script runlpr de SuSE Linux |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | SuSE Linux 8.0, 8.1 |
Description |
|
| Se ha descubierto una vulnerabilidad en el script runlpr, parte del paquete lpdfilter propio de SuSE Linux. Su explotación permite la ejecución remota de comandos. | |
Solution |
|
|
Actualización de software SuSE Linux 8.0 Arquitectura Intel ftp://ftp.suse.com/pub/suse/i386/update/8.0/gra1/html2ps-1.0b3-456.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/lpdfilter-0.42-155.i386.rpm SRPMS ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/html2ps-1.0b3-456.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/lpdfilter-0.42-155.src.rpm SuSE Linux 8.1 Arquitectura Intel ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/html2ps-1.0b3-458.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/lpdfilter-0.43-63.i586.rpm SRPMS ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/html2ps-1.0b3-458.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/lpdfilter-0.43-63.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2002-1285 |
| BID | |
Other resources |
|
|
Bugtraq ID: 6077 http://online.securityfocus.com/bid/6077 SuSE Security Advisory 2002:040 http://www.suse.de/de/security/2002_040_lprng_html2ps.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2003-11-05 |