
Vulnerability Bulletins


Remote code execution in slocate

Vulnerability classification

Property                    Value
Confidence level            Official
Impact                      Integrity
Difficulty                  Expert
Attacker requirements       Physical access

System information

Property                    Value
Affected vendor             GNU/Linux
Affected software           slocate < 2.7

Description

A vulnerability has been discovered in slocate. The vulnerability lies in the way very long paths are processed.

Exploitation of this vulnerability could allow a local attacker to prevent updatedb from completing its scan of the file system, which would result in an incomplete database.
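To make the failure mode described above reproducible, here is an added example written for this edit; it is neither part of the bulletin nor slocate's own code (slocate is written in C; Python is used here for brevity). Under a temporary directory it builds a constructed chain of nested directories whose full path exceeds PATH_MAX, then compares two walkers: os.walk(), which assembles absolute path strings and silently drops the subtree at the first directory the kernel refuses with ENAMETOOLONG, and a walker that only uses descriptor-relative calls (openat/fstatat through dir_fd) and therefore lists every level. The function names, the 200-character component name and the depth of 25 are assumptions of the example.

```python
"""Added example for this edit, not the bulletin's text and not slocate's code:
a directory walker that stays complete when full paths exceed PATH_MAX,
compared with os.walk(), which silently stops at the first path the kernel
rejects with ENAMETOOLONG. Linux semantics are assumed."""
import os
import tempfile

NAME = "a" * 200                              # constructed: one long component
PATH_MAX = os.pathconf("/", "PC_PATH_MAX")    # 4096 on Linux


def walk_relative(root):
    """Return (depth, name) for every entry below root.

    Every syscall is relative to a directory descriptor (openat/fstatat via
    dir_fd), so the kernel only ever sees single names of at most NAME_MAX
    bytes. Unreadable subtrees are skipped; the scan itself never aborts."""
    found = []
    stack = [(os.open(root, os.O_RDONLY | os.O_DIRECTORY), 0)]
    while stack:
        dirfd, depth = stack.pop()
        try:
            with os.scandir(dirfd) as entries:  # scandir dups the fd internally
                for entry in entries:
                    found.append((depth, entry.name))
                    if not entry.is_dir(follow_symlinks=False):
                        continue
                    try:
                        sub = os.open(entry.name,
                                      os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                                      dir_fd=dirfd)
                    except OSError:
                        continue        # permission denied, vanished, symlink...
                    stack.append((sub, depth + 1))
        finally:
            os.close(dirfd)
    return found


def walk_naive(root):
    """os.walk() joins absolute path strings. Once a path no longer fits in
    PATH_MAX the underlying scandir() raises ENAMETOOLONG and, with no onerror
    handler, os.walk() drops that subtree without any signal to the caller."""
    return [os.path.join(parent, name)
            for parent, dirs, files in os.walk(root)
            for name in dirs + files]


def make_chain(base, depth):
    """Constructed fixture: `depth` nested directories named NAME under base,
    created through dir_fd so the fixture itself needs no long path strings."""
    fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for _ in range(depth):
            os.mkdir(NAME, 0o700, dir_fd=fd)
            sub = os.open(NAME, os.O_RDONLY | os.O_DIRECTORY, dir_fd=fd)
            os.close(fd)
            fd = sub
    finally:
        os.close(fd)


def remove_chain(base, depth):
    """Tear the fixture down from the deepest level upwards, again via dir_fd."""
    fds = [os.open(base, os.O_RDONLY | os.O_DIRECTORY)]
    try:
        for _ in range(depth):
            fds.append(os.open(NAME, os.O_RDONLY | os.O_DIRECTORY, dir_fd=fds[-1]))
    except OSError:
        pass                            # partially built chain: remove what exists
    while len(fds) > 1:
        os.close(fds.pop())
        os.rmdir(NAME, dir_fd=fds[-1])
    os.close(fds[0])


def compare(depth=25):
    """Build a chain whose full path exceeds PATH_MAX, walk it both ways and
    return (entries seen by walk_relative, entries seen by os.walk, longest path)."""
    with tempfile.TemporaryDirectory() as base:
        make_chain(base, depth)
        try:
            relative = len(walk_relative(base))
            naive = len(walk_naive(base))
        finally:
            remove_chain(base, depth)
    longest = len(base) + depth * (len(NAME) + 1)
    return relative, naive, longest


if __name__ == "__main__":
    rel, nai, longest = compare()
    print(f"longest path {longest} bytes (PATH_MAX {PATH_MAX}): "
          f"fd-relative walker saw {rel} entries, os.walk() saw {nai}")
```

The point for a defender is the second walker: nothing is raised, the program exits cleanly, and the resulting listing is simply short. A scanner that feeds a database the way updatedb does should either walk descriptor-relative as in walk_relative, or at least count and report every skipped subtree so an incomplete scan is visible rather than silent.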

Solution

Software update

Mandriva Linux

Mandrakelinux 10.0/X86
10.0/RPMS/slocate-2.7-4.1.100mdk.i586.rpm
10.0/SRPMS/slocate-2.7-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
amd64/10.0/RPMS/slocate-2.7-4.1.100mdk.amd64.rpm
amd64/10.0/SRPMS/slocate-2.7-4.1.100mdk.src.rpm

Mandrakelinux 10.1/X86
10.1/RPMS/slocate-2.7-4.1.101mdk.i586.rpm
10.1/SRPMS/slocate-2.7-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64
x86_64/10.1/RPMS/slocate-2.7-4.1.101mdk.x86_64.rpm
x86_64/10.1/SRPMS/slocate-2.7-4.1.101mdk.src.rpm

Corporate Server 2.1/X86
corporate/2.1/RPMS/slocate-2.7-2.2.C21mdk.i586.rpm
corporate/2.1/SRPMS/slocate-2.7-2.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64
x86_64/corporate/2.1/RPMS/slocate-2.7-2.2.C21mdk.x86_64.rpm
x86_64/corporate/2.1/SRPMS/slocate-2.7-2.2.C21mdk.src.rpm

Corporate Server 3.0/X86
corporate/3.0/RPMS/slocate-2.7-4.1.C30mdk.i586.rpm
corporate/3.0/SRPMS/slocate-2.7-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64
x86_64/corporate/3.0/RPMS/slocate-2.7-4.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/slocate-2.7-4.1.C30mdk.src.rpm

Mandrivalinux LE2005/X86
10.2/RPMS/slocate-2.7-4.1.102mdk.i586.rpm
10.2/SRPMS/slocate-2.7-4.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64
x86_64/10.2/RPMS/slocate-2.7-4.1.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/slocate-2.7-4.1.102mdk.src.rpm

Red Hat Linux

Red Hat Enterprise Linux AS (v. 2.1)/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-32
slocate-2.7-1.el2.1.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-64
slocate-2.7-1.el2.1.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1)/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Enterprise Linux ES (v. 2.1)/IA-32
slocate-2.7-1.el2.1.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1)/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Enterprise Linux WS (v. 2.1)/IA-32
slocate-2.7-1.el2.1.i386.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/SRPMS
slocate-2.7-1.el2.1.src.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/IA-64
slocate-2.7-1.el2.1.ia64.rpm

Red Hat Desktop (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Desktop (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Desktop (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Enterprise Linux AS (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-64
slocate-2.7-3.RHEL3.6.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / PPC
slocate-2.7-3.RHEL3.6.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) / s390
slocate-2.7-3.RHEL3.6.s390.rpm

Red Hat Enterprise Linux AS (v. 3) / s390x
slocate-2.7-3.RHEL3.6.s390x.rpm

Red Hat Enterprise Linux AS (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Enterprise Linux ES (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-64
slocate-2.7-3.RHEL3.6.ia64.rpm

Red Hat Enterprise Linux ES (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Enterprise Linux WS (v. 3) / SRPMS
slocate-2.7-3.RHEL3.6.src.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-32
slocate-2.7-3.RHEL3.6.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-64
slocate-2.7-3.RHEL3.6.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) / x86_64
slocate-2.7-3.RHEL3.6.x86_64.rpm

Red Hat Desktop (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Desktop (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Desktop (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
slocate-2.7-13.el4.6.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
slocate-2.7-13.el4.6.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
slocate-2.7-13.el4.6.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
slocate-2.7-13.el4.6.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
slocate-2.7-13.el4.6.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
slocate-2.7-13.el4.6.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
slocate-2.7-13.el4.6.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
slocate-2.7-13.el4.6.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
slocate-2.7-13.el4.6.x86_64.rpm

SGI
Advanced Linux Environment 3 / RPM / Patch 10227
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10227
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Standard identifiers

Property    Value
CVE         CAN-2005-2499
BID

Additional resources

Mandriva Security Advisories MDKSA-2005:147
http://www.mandriva.com/security/advisories?name=MDKSA-2005:147

Red Hat Security Advisory RHSA-2005:747-09
https://rhn.redhat.com/errata/RHSA-2005-747.html

Red Hat Security Advisory (RHSA-2005:345-24)
https://rhn.redhat.com/errata/RHSA-2005-345.html

Red Hat Security Advisory (RHSA-2005:346-19)
https://rhn.redhat.com/errata/RHSA-2005-346.html

SGI Security Advisory (20051002-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc

Version history

Version  Comment                                            Date
1.0      Advisory issued                                    2005-08-31
1.1      Advisory issued by Red Hat (RHSA-2005:345-24)      2005-10-04
1.2      Advisory issued by Red Hat (RHSA-2005:346-19)      2005-10-17
1.3      Advisory issued by SGI (20051002-01-U)             2005-10-21

Member of

Ministry of Defence
CNI
CCN
CCN-CERT