Vulnerability Bulletins

int(826)

Vulnerability Bulletins

Desbordamiento de búfer en xpcd
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Compromiso Root
Dificulty	Experto
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	xpcd < 2.08
Description
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en un componente de xpcd. La vulnerabilidad reside en xpcd-svga, una parte de xpcd que usa svgalib para mostrar gráficos en la consola y su explotación podría permitir a un atacante local aumentar sus privilegios.
Solution
Actualización de software Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1.dsc http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1.diff.gz http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody2_alpha.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody2_alpha.deb ARM http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody2_arm.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody2_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_i386.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_i386.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-svga_2.08-8woody1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_ia64.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_ia64.deb HP Precision http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody2_hppa.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody2_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_m68k.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_mips.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_mipsel.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_powerpc.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_s390.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_sparc.deb http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_sparc.deb Mandrake Linux Mandrakelinux 9.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/xpcd-2.08-20.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/xpcd-gimp-2.08-20.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/xpcd-2.08-20.1.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/xpcd-2.08-20.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/xpcd-gimp-2.08-20.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/xpcd-2.08-20.1.92mdk.src.rpm Mandrakelinux 10.0 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xpcd-2.08-20.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xpcd-gimp-2.08-20.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/xpcd-2.08-20.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xpcd-2.08-20.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xpcd-gimp-2.08-20.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/xpcd-2.08-20.1.100mdk.src.rpm
Standar resources
Property	Value
CVE	CAN-2004-0402
BID
Other resources
Debian Security Advisory DSA 508-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00108.html Mandrakesoft Security Advisories MDKSA-2004:053 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:053

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-05-24
1.1	Aviso emitido por Mandrake (MDKSA-2004:053)	2004-06-02

Vulnerability Bulletins

Desbordamiento de búfer en xpcd

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history