Vulnerability Bulletins |
Remote code execution in slocate |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Integrity |
Difficulty | Expert |
Attacker requirements | Physical access |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | slocate < 2.7 |
Description |
|
A vulnerability has been discovered in slocate. It lies in the way very long paths are processed. Exploiting this vulnerability could allow a local attacker to prevent updatedb from completing its scan of the file system, which would result in an incomplete database. |
|
Solution |
|
Software update |
|
Mandriva Linux |
Mandrakelinux 10.0/X86 | 10.0/RPMS/slocate-2.7-4.1.100mdk.i586.rpm | 10.0/SRPMS/slocate-2.7-4.1.100mdk.src.rpm |
Mandrakelinux 10.0/AMD64 | amd64/10.0/RPMS/slocate-2.7-4.1.100mdk.amd64.rpm | amd64/10.0/SRPMS/slocate-2.7-4.1.100mdk.src.rpm |
Mandrakelinux 10.1/X86 | 10.1/RPMS/slocate-2.7-4.1.101mdk.i586.rpm | 10.1/SRPMS/slocate-2.7-4.1.101mdk.src.rpm |
Mandrakelinux 10.1/X86_64 | x86_64/10.1/RPMS/slocate-2.7-4.1.101mdk.x86_64.rpm | x86_64/10.1/SRPMS/slocate-2.7-4.1.101mdk.src.rpm |
Corporate Server 2.1/X86 | corporate/2.1/RPMS/slocate-2.7-2.2.C21mdk.i586.rpm | corporate/2.1/SRPMS/slocate-2.7-2.2.C21mdk.src.rpm |
Corporate Server 2.1/X86_64 | x86_64/corporate/2.1/RPMS/slocate-2.7-2.2.C21mdk.x86_64.rpm | x86_64/corporate/2.1/SRPMS/slocate-2.7-2.2.C21mdk.src.rpm |
Corporate Server 3.0/X86 | corporate/3.0/RPMS/slocate-2.7-4.1.C30mdk.i586.rpm | corporate/3.0/SRPMS/slocate-2.7-4.1.C30mdk.src.rpm |
Corporate Server 3.0/X86_64 | x86_64/corporate/3.0/RPMS/slocate-2.7-4.1.C30mdk.x86_64.rpm | x86_64/corporate/3.0/SRPMS/slocate-2.7-4.1.C30mdk.src.rpm |
Mandrivalinux LE2005/X86 | 10.2/RPMS/slocate-2.7-4.1.102mdk.i586.rpm | 10.2/SRPMS/slocate-2.7-4.1.102mdk.src.rpm |
Mandrivalinux LE2005/X86_64 | x86_64/10.2/RPMS/slocate-2.7-4.1.102mdk.x86_64.rpm | x86_64/10.2/SRPMS/slocate-2.7-4.1.102mdk.src.rpm |
|
Red Hat Linux |
Red Hat Enterprise Linux AS (v. 2.1)/SRPMS | slocate-2.7-1.el2.1.src.rpm |
Red Hat Enterprise Linux AS (v. 2.1)/IA-32 | slocate-2.7-1.el2.1.i386.rpm |
Red Hat Enterprise Linux AS (v. 2.1)/IA-64 | slocate-2.7-1.el2.1.ia64.rpm |
Red Hat Enterprise Linux ES (v. 2.1)/SRPMS | slocate-2.7-1.el2.1.src.rpm |
Red Hat Enterprise Linux ES (v. 2.1)/IA-32 | slocate-2.7-1.el2.1.i386.rpm |
Red Hat Enterprise Linux WS (v. 2.1)/SRPMS | slocate-2.7-1.el2.1.src.rpm |
Red Hat Enterprise Linux WS (v. 2.1)/IA-32 | slocate-2.7-1.el2.1.i386.rpm |
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/SRPMS | slocate-2.7-1.el2.1.src.rpm |
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/IA-64 | slocate-2.7-1.el2.1.ia64.rpm |
Red Hat Desktop (v. 3) / SRPMS | slocate-2.7-3.RHEL3.6.src.rpm |
Red Hat Desktop (v. 3) / IA-32 | slocate-2.7-3.RHEL3.6.i386.rpm |
Red Hat Desktop (v. 3) / x86_64 | slocate-2.7-3.RHEL3.6.x86_64.rpm |
Red Hat Enterprise Linux AS (v. 3) / SRPMS | slocate-2.7-3.RHEL3.6.src.rpm |
Red Hat Enterprise Linux AS (v. 3) / IA-32 | slocate-2.7-3.RHEL3.6.i386.rpm |
Red Hat Enterprise Linux AS (v. 3) / IA-64 | slocate-2.7-3.RHEL3.6.ia64.rpm |
Red Hat Enterprise Linux AS (v. 3) / PPC | slocate-2.7-3.RHEL3.6.ppc.rpm |
Red Hat Enterprise Linux AS (v. 3) / s390 | slocate-2.7-3.RHEL3.6.s390.rpm |
Red Hat Enterprise Linux AS (v. 3) / s390x | slocate-2.7-3.RHEL3.6.s390x.rpm |
Red Hat Enterprise Linux AS (v. 3) / x86_64 | slocate-2.7-3.RHEL3.6.x86_64.rpm |
Red Hat Enterprise Linux ES (v. 3) / SRPMS | slocate-2.7-3.RHEL3.6.src.rpm |
Red Hat Enterprise Linux ES (v. 3) / IA-32 | slocate-2.7-3.RHEL3.6.i386.rpm |
Red Hat Enterprise Linux ES (v. 3) / IA-64 | slocate-2.7-3.RHEL3.6.ia64.rpm |
Red Hat Enterprise Linux ES (v. 3) / x86_64 | slocate-2.7-3.RHEL3.6.x86_64.rpm |
Red Hat Enterprise Linux WS (v. 3) / SRPMS | slocate-2.7-3.RHEL3.6.src.rpm |
Red Hat Enterprise Linux WS (v. 3) / IA-32 | slocate-2.7-3.RHEL3.6.i386.rpm |
Red Hat Enterprise Linux WS (v. 3) / IA-64 | slocate-2.7-3.RHEL3.6.ia64.rpm |
Red Hat Enterprise Linux WS (v. 3) / x86_64 | slocate-2.7-3.RHEL3.6.x86_64.rpm |
Red Hat Desktop (v. 4) / SRPMS | slocate-2.7-13.el4.6.src.rpm |
Red Hat Desktop (v. 4) / IA-32 | slocate-2.7-13.el4.6.i386.rpm |
Red Hat Desktop (v. 4) / x86_64 | slocate-2.7-13.el4.6.x86_64.rpm |
Red Hat Enterprise Linux AS (v. 4) / SRPMS | slocate-2.7-13.el4.6.src.rpm |
Red Hat Enterprise Linux AS (v. 4) / IA-32 | slocate-2.7-13.el4.6.i386.rpm |
Red Hat Enterprise Linux AS (v. 4) / IA-64 | slocate-2.7-13.el4.6.ia64.rpm |
Red Hat Enterprise Linux AS (v. 4) / PPC | slocate-2.7-13.el4.6.ppc.rpm |
Red Hat Enterprise Linux AS (v. 4) / s390 | slocate-2.7-13.el4.6.s390.rpm |
Red Hat Enterprise Linux AS (v. 4) / s390x | slocate-2.7-13.el4.6.s390x.rpm |
Red Hat Enterprise Linux AS (v. 4) / x86_64 | slocate-2.7-13.el4.6.x86_64.rpm |
Red Hat Enterprise Linux ES (v. 4) / SRPMS | slocate-2.7-13.el4.6.src.rpm |
Red Hat Enterprise Linux ES (v. 4) / IA-32 | slocate-2.7-13.el4.6.i386.rpm |
Red Hat Enterprise Linux ES (v. 4) / IA-64 | slocate-2.7-13.el4.6.ia64.rpm |
Red Hat Enterprise Linux ES (v. 4) / x86_64 | slocate-2.7-13.el4.6.x86_64.rpm |
Red Hat Enterprise Linux WS (v. 4) / SRPMS | slocate-2.7-13.el4.6.src.rpm |
Red Hat Enterprise Linux WS (v. 4) / IA-32 | slocate-2.7-13.el4.6.i386.rpm |
Red Hat Enterprise Linux WS (v. 4) / IA-64 | slocate-2.7-13.el4.6.ia64.rpm |
Red Hat Enterprise Linux WS (v. 4) / x86_64 | slocate-2.7-13.el4.6.x86_64.rpm |
|
SGI |
Advanced Linux Environment 3 / RPM / Patch 10227 | ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS |
Advanced Linux Environment 3 / SRPM / Patch 10227 | ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-2499 |
BID | |
Additional resources |
|
Mandriva Security Advisories MDKSA-2005:147 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:147 |
Red Hat Security Advisory RHSA-2005:747-09 | https://rhn.redhat.com/errata/RHSA-2005-747.html |
Red Hat Security Advisory (RHSA-2005:345-24) | https://rhn.redhat.com/errata/RHSA-2005-345.html |
Red Hat Security Advisory (RHSA-2005:346-19) | https://rhn.redhat.com/errata/RHSA-2005-346.html |
SGI Security Advisory (20051002-01-U) | ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-08-31 |
1.1 | Advisory issued by Red Hat (RHSA-2005:345-24) | 2005-10-04 |
1.2 | Advisory issued by Red Hat (RHSA-2005:346-19) | 2005-10-17 |
1.3 | Advisory issued by SGI (20051002-01-U) | 2005-10-21 |