Vulnerability Bulletins

int(964)

Vulnerability Bulletins

Creación insegura de archivos temporales en shorewall
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Avanzado
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	Shorewall 2.0 < 2.0.3a Shorewall 1.4 < 1.4.10f
Description
Existe una vulnerabilidad en el paquete shorewall al crear archivos y directorios temporales, que podría permitir a usuarios comunes sobreescribir archivos en el sistema.
Solution
Si lo desea, aplique los mecanismos de actualización propios de su sistema, o bien descargue las fuentes del software y compílelo usted mismo. Actualización de software Shorewall Usuarios de la rama 2.0: actualización a la versión 2.0.3a http://shorewall.net/pub/shorewall/shorewall-2.0.3a ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a Usuarios de la rama 1.4: actualización a la versión 1.4.10f http://shorewall.net/pub/shorewall/shorewall-1.4.10f ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f Mandrake Linux Mandrakelinux 9.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/shorewall-1.3.14-3.1.91mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/shorewall-doc-1.3.14-3.1.91mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/shorewall-1.3.14-3.1.91mdk.src.rpm Mandrakelinux 9.1/PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/shorewall-1.3.14-3.1.91mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/shorewall-doc-1.3.14-3.1.91mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/shorewall-1.3.14-3.1.91mdk.src.rpm Mandrakelinux 9.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/shorewall-1.4.8-2.2.92mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/shorewall-doc-1.4.8-2.2.92mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/shorewall-1.4.8-2.2.92mdk.src.rpm Mandrakelinux 9.2/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/shorewall-1.4.8-2.2.92mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/shorewall-doc-1.4.8-2.2.92mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/shorewall-1.4.8-2.2.92mdk.src.rpm Mandrakelinux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/shorewall-2.0.1-3.2.100mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/shorewall-doc-2.0.1-3.2.100mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/shorewall-2.0.1-3.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/shorewall-2.0.1-3.2.100mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/shorewall-doc-2.0.1-3.2.100mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/shorewall-2.0.1-3.2.100mdk.src.rpm Multi Network Firewall 8.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/shorewall-1.3.11-1.2.M82mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/shorewall-1.3.11-1.2.M82mdk.src.rpm Corporate Server 2.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/shorewall-1.3.7c-1.1.C21mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/shorewall-doc-1.3.7c-1.1.C21mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/shorewall-1.3.7c-1.1.C21mdk.src.rpm Corporate Server 2.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/shorewall-1.3.7c-1.1.C21mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/shorewall-doc-1.3.7c-1.1.C21mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/shorewall-1.3.7c-1.1.C21mdk.src.rpm
Standar resources
Property	Value
CVE
BID
Other resources
[Shorewall-announce] URGENT: Shorewall Security Vulnerability http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html Mandrake Security Advisory MDKSA-2004:080 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:080

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-08-11

Vulnerability Bulletins

Creación insegura de archivos temporales en shorewall

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history