Vulnerability Bulletins |
Remote code execution in Mozilla |
|
Vulnerability classification |
|
Property | Value |
Confidence level | official+tested |
Impact | Gain access |
Difficulty | Beginner |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | Mozilla <= 1.7.3 |
Description |
|
A buffer overflow vulnerability has been discovered in Mozilla's NNTP protocol handling code. It could allow an attacker to execute arbitrary code on a client machine by means of a specially crafted URL. |
|
Solution |
|
Software update
Mozilla
Upgrade Mozilla to version 1.7.5
http://www.mozilla.org/releases/
Red Hat Linux
Red Hat Desktop (v. 3) / SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Desktop (v. 3) / IA-32: mozilla-1.4.3-3.0.7.i386.rpm mozilla-chat-1.4.3-3.0.7.i386.rpm mozilla-devel-1.4.3-3.0.7.i386.rpm mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm mozilla-js-debugger-1.4.3-3.0.7.i386.rpm mozilla-mail-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-devel-1.4.3-3.0.7.i386.rpm
Red Hat Desktop (v. 3) / x86_64: mozilla-1.4.3-3.0.7.i386.rpm mozilla-1.4.3-3.0.7.x86_64.rpm mozilla-chat-1.4.3-3.0.7.x86_64.rpm mozilla-devel-1.4.3-3.0.7.x86_64.rpm mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm mozilla-mail-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.x86_64.rpm mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm
Red Hat Enterprise Linux AS (v. 2.1) / SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Enterprise Linux AS (v. 2.1) / IA-32: mozilla-1.4.3-2.1.5.i386.rpm mozilla-chat-1.4.3-2.1.5.i386.rpm mozilla-devel-1.4.3-2.1.5.i386.rpm mozilla-dom-inspector-1.4.3-2.1.5.i386.rpm mozilla-js-debugger-1.4.3-2.1.5.i386.rpm mozilla-mail-1.4.3-2.1.5.i386.rpm mozilla-nspr-1.4.3-2.1.5.i386.rpm mozilla-nspr-devel-1.4.3-2.1.5.i386.rpm mozilla-nss-1.4.3-2.1.5.i386.rpm mozilla-nss-devel-1.4.3-2.1.5.i386.rpm
Red Hat Enterprise Linux AS (v. 2.1) / IA-64: mozilla-1.4.3-2.1.5.ia64.rpm mozilla-chat-1.4.3-2.1.5.ia64.rpm mozilla-devel-1.4.3-2.1.5.ia64.rpm mozilla-dom-inspector-1.4.3-2.1.5.ia64.rpm mozilla-js-debugger-1.4.3-2.1.5.ia64.rpm mozilla-mail-1.4.3-2.1.5.ia64.rpm mozilla-nspr-1.4.3-2.1.5.ia64.rpm mozilla-nspr-devel-1.4.3-2.1.5.ia64.rpm mozilla-nss-1.4.3-2.1.5.ia64.rpm mozilla-nss-devel-1.4.3-2.1.5.ia64.rpm
Red Hat Enterprise Linux AS (v. 3) / SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Enterprise Linux AS (v. 3) / IA-32: mozilla-1.4.3-3.0.7.i386.rpm mozilla-chat-1.4.3-3.0.7.i386.rpm mozilla-devel-1.4.3-3.0.7.i386.rpm mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm mozilla-js-debugger-1.4.3-3.0.7.i386.rpm mozilla-mail-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-devel-1.4.3-3.0.7.i386.rpm
Red Hat Enterprise Linux AS (v. 3) / IA-64: mozilla-1.4.3-3.0.7.ia64.rpm mozilla-chat-1.4.3-3.0.7.ia64.rpm mozilla-devel-1.4.3-3.0.7.ia64.rpm mozilla-dom-inspector-1.4.3-3.0.7.ia64.rpm mozilla-js-debugger-1.4.3-3.0.7.ia64.rpm mozilla-mail-1.4.3-3.0.7.ia64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.ia64.rpm mozilla-nspr-devel-1.4.3-3.0.7.ia64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.ia64.rpm mozilla-nss-devel-1.4.3-3.0.7.ia64.rpm
Red Hat Enterprise Linux AS (v. 3) / PPC: mozilla-1.4.3-3.0.7.ppc.rpm mozilla-chat-1.4.3-3.0.7.ppc.rpm mozilla-devel-1.4.3-3.0.7.ppc.rpm mozilla-dom-inspector-1.4.3-3.0.7.ppc.rpm mozilla-js-debugger-1.4.3-3.0.7.ppc.rpm mozilla-mail-1.4.3-3.0.7.ppc.rpm mozilla-nspr-1.4.3-3.0.7.ppc.rpm mozilla-nspr-devel-1.4.3-3.0.7.ppc.rpm mozilla-nss-1.4.3-3.0.7.ppc.rpm mozilla-nss-devel-1.4.3-3.0.7.ppc.rpm
Red Hat Enterprise Linux AS (v. 3) / s390: mozilla-1.4.3-3.0.7.s390.rpm mozilla-chat-1.4.3-3.0.7.s390.rpm mozilla-devel-1.4.3-3.0.7.s390.rpm mozilla-dom-inspector-1.4.3-3.0.7.s390.rpm mozilla-js-debugger-1.4.3-3.0.7.s390.rpm mozilla-mail-1.4.3-3.0.7.s390.rpm mozilla-nspr-1.4.3-3.0.7.s390.rpm mozilla-nspr-devel-1.4.3-3.0.7.s390.rpm mozilla-nss-1.4.3-3.0.7.s390.rpm mozilla-nss-devel-1.4.3-3.0.7.s390.rpm
Red Hat Enterprise Linux AS (v. 3) / s390x: mozilla-1.4.3-3.0.7.s390x.rpm mozilla-chat-1.4.3-3.0.7.s390x.rpm mozilla-devel-1.4.3-3.0.7.s390x.rpm mozilla-dom-inspector-1.4.3-3.0.7.s390x.rpm mozilla-js-debugger-1.4.3-3.0.7.s390x.rpm mozilla-mail-1.4.3-3.0.7.s390x.rpm mozilla-nspr-1.4.3-3.0.7.s390.rpm mozilla-nspr-1.4.3-3.0.7.s390x.rpm mozilla-nspr-devel-1.4.3-3.0.7.s390x.rpm mozilla-nss-1.4.3-3.0.7.s390.rpm mozilla-nss-1.4.3-3.0.7.s390x.rpm mozilla-nss-devel-1.4.3-3.0.7.s390x.rpm
Red Hat Enterprise Linux AS (v. 3) / x86_64: mozilla-1.4.3-3.0.7.i386.rpm mozilla-1.4.3-3.0.7.x86_64.rpm mozilla-chat-1.4.3-3.0.7.x86_64.rpm mozilla-devel-1.4.3-3.0.7.x86_64.rpm mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm mozilla-mail-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.x86_64.rpm mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm
Red Hat Enterprise Linux ES (v. 2.1) / SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Enterprise Linux ES (v. 2.1) / IA-32: mozilla-1.4.3-2.1.5.i386.rpm mozilla-chat-1.4.3-2.1.5.i386.rpm mozilla-devel-1.4.3-2.1.5.i386.rpm mozilla-dom-inspector-1.4.3-2.1.5.i386.rpm mozilla-js-debugger-1.4.3-2.1.5.i386.rpm mozilla-mail-1.4.3-2.1.5.i386.rpm mozilla-nspr-1.4.3-2.1.5.i386.rpm mozilla-nspr-devel-1.4.3-2.1.5.i386.rpm mozilla-nss-1.4.3-2.1.5.i386.rpm mozilla-nss-devel-1.4.3-2.1.5.i386.rpm
Red Hat Enterprise Linux ES (v. 3) / SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Enterprise Linux ES (v. 3) / IA-32: mozilla-1.4.3-3.0.7.i386.rpm mozilla-chat-1.4.3-3.0.7.i386.rpm mozilla-devel-1.4.3-3.0.7.i386.rpm mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm mozilla-js-debugger-1.4.3-3.0.7.i386.rpm mozilla-mail-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-devel-1.4.3-3.0.7.i386.rpm
Red Hat Enterprise Linux ES (v. 3) / IA-64: mozilla-1.4.3-3.0.7.ia64.rpm mozilla-chat-1.4.3-3.0.7.ia64.rpm mozilla-devel-1.4.3-3.0.7.ia64.rpm mozilla-dom-inspector-1.4.3-3.0.7.ia64.rpm mozilla-js-debugger-1.4.3-3.0.7.ia64.rpm mozilla-mail-1.4.3-3.0.7.ia64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.ia64.rpm mozilla-nspr-devel-1.4.3-3.0.7.ia64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.ia64.rpm mozilla-nss-devel-1.4.3-3.0.7.ia64.rpm
Red Hat Enterprise Linux ES (v. 3) / x86_64: mozilla-1.4.3-3.0.7.i386.rpm mozilla-1.4.3-3.0.7.x86_64.rpm mozilla-chat-1.4.3-3.0.7.x86_64.rpm mozilla-devel-1.4.3-3.0.7.x86_64.rpm mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm mozilla-mail-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.x86_64.rpm mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm
Red Hat Enterprise Linux WS (v. 2.1) / SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Enterprise Linux WS (v. 2.1) / IA-32: mozilla-1.4.3-2.1.5.i386.rpm mozilla-chat-1.4.3-2.1.5.i386.rpm mozilla-devel-1.4.3-2.1.5.i386.rpm mozilla-dom-inspector-1.4.3-2.1.5.i386.rpm mozilla-js-debugger-1.4.3-2.1.5.i386.rpm mozilla-mail-1.4.3-2.1.5.i386.rpm mozilla-nspr-1.4.3-2.1.5.i386.rpm mozilla-nspr-devel-1.4.3-2.1.5.i386.rpm mozilla-nss-1.4.3-2.1.5.i386.rpm mozilla-nss-devel-1.4.3-2.1.5.i386.rpm
Red Hat Enterprise Linux WS (v. 3) / SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Enterprise Linux WS (v. 3) / IA-32: mozilla-1.4.3-3.0.7.i386.rpm mozilla-chat-1.4.3-3.0.7.i386.rpm mozilla-devel-1.4.3-3.0.7.i386.rpm mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm mozilla-js-debugger-1.4.3-3.0.7.i386.rpm mozilla-mail-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-devel-1.4.3-3.0.7.i386.rpm
Red Hat Enterprise Linux WS (v. 3) / IA-64: mozilla-1.4.3-3.0.7.ia64.rpm mozilla-chat-1.4.3-3.0.7.ia64.rpm mozilla-devel-1.4.3-3.0.7.ia64.rpm mozilla-dom-inspector-1.4.3-3.0.7.ia64.rpm mozilla-js-debugger-1.4.3-3.0.7.ia64.rpm mozilla-mail-1.4.3-3.0.7.ia64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.ia64.rpm mozilla-nspr-devel-1.4.3-3.0.7.ia64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.ia64.rpm mozilla-nss-devel-1.4.3-3.0.7.ia64.rpm
Red Hat Enterprise Linux WS (v. 3) / x86_64: mozilla-1.4.3-3.0.7.i386.rpm mozilla-1.4.3-3.0.7.x86_64.rpm mozilla-chat-1.4.3-3.0.7.x86_64.rpm mozilla-devel-1.4.3-3.0.7.x86_64.rpm mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm mozilla-mail-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-1.4.3-3.0.7.i386.rpm mozilla-nspr-1.4.3-3.0.7.x86_64.rpm mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm mozilla-nss-1.4.3-3.0.7.i386.rpm mozilla-nss-1.4.3-3.0.7.x86_64.rpm mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / IA-64: mozilla-1.4.3-2.1.5.ia64.rpm mozilla-chat-1.4.3-2.1.5.ia64.rpm mozilla-devel-1.4.3-2.1.5.ia64.rpm mozilla-dom-inspector-1.4.3-2.1.5.ia64.rpm mozilla-js-debugger-1.4.3-2.1.5.ia64.rpm mozilla-mail-1.4.3-2.1.5.ia64.rpm mozilla-nspr-1.4.3-2.1.5.ia64.rpm mozilla-nspr-devel-1.4.3-2.1.5.ia64.rpm mozilla-nss-1.4.3-2.1.5.ia64.rpm mozilla-nss-devel-1.4.3-2.1.5.ia64.rpm
https://rhn.redhat.com/
Hewlett-Packard
HP PA-RISC 11.0 / Mozilla 1.7.8.00
HP PA-RISC 11i v1 (11.11) / Mozilla 1.7.8.00
HP PA-RISC 11i v2 (11.23) / Mozilla 1.7.8.00
HP Integrity 11.22 (11i v1.6) / Mozilla 1.7.8.00
HP-UX 11.23 (11i v2) / Mozilla 1.7.8.00
http://www.hp.com/products1/unix/java/mozilla/index.html |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2004-1316 |
BID | |
Additional resources |
|
BUGTRAQ ARCHIVE 385709 http://www.securityfocus.com/archive/1/385709/2004-12-26/2005-01-01/0
Bugzilla Bug 264388 https://bugzilla.mozilla.org/show_bug.cgi?id=264388
Red Hat Linux Security advisory RHSA-2005:038-05 https://rhn.redhat.com/errata/RHSA-2005-038.html
HP SECURITY BULLETIN HPSBTU01114 http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01114
HP SECURITY BULLETIN SSRT5940 http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01133 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2004-12-31 |
2.0 | Public exploit available | 2005-01-03 |
2.1 | CAN reference added. Advisory issued by Red Hat Linux (RHSA-2005:038-05) | 2005-01-14 |
2.2 | Advisory issued by HP (HPSBTU01114) | 2005-02-07 |
2.3 | Advisory issued by HP (HPSBUX01133) | 2005-04-20 |
2.4 | Advisory updated by HP (SSRT5940) | 2005-10-11 |