Miembros de
Boletines de Vulnerabilidades |
Vulnerabilidad en la creación de ficheros temporales en lm_sensors |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Integridad |
| Dificultad | Avanzado |
| Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | lm_sensors < 2.9.1 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en lm_sensors. La vulnerabilidad reside en la forma en la que el script pwmconfig crea ficheros temporales. La explotación de esta vulnerabilidad podría permitir con un ataque symlink crear o sobrescribir ficheros arbitrarios con los permisos con los que se ejecuta pwmconfig, típicamente root. |
|
Solución |
|
|
Actualización de software Mandriva Linux Mandrakelinux 10.0/X86 10.0/RPMS/liblm_sensors3-2.8.4-2.1.100mdk.i586.rpm 10.0/RPMS/liblm_sensors3-devel-2.8.4-2.1.100mdk.i586.rpm 10.0/RPMS/liblm_sensors3-static-devel-2.8.4-2.1.100mdk.i586.rpm 10.0/RPMS/lm_sensors-2.8.4-2.1.100mdk.i586.rpm 10.0/SRPMS/lm_sensors-2.8.4-2.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64 amd64/10.0/RPMS/lib64lm_sensors3-2.8.4-2.1.100mdk.amd64.rpm amd64/10.0/RPMS/lib64lm_sensors3-devel-2.8.4-2.1.100mdk.amd64.rpm amd64/10.0/RPMS/lib64lm_sensors3-static-devel-2.8.4-2.1.100mdk.amd64.rpm amd64/10.0/RPMS/lm_sensors-2.8.4-2.1.100mdk.amd64.rpm amd64/10.0/SRPMS/lm_sensors-2.8.4-2.1.100mdk.src.rpm Mandrakelinux 10.1/X86 10.1/RPMS/liblm_sensors3-2.8.7-7.1.101mdk.i586.rpm 10.1/RPMS/liblm_sensors3-devel-2.8.7-7.1.101mdk.i586.rpm 10.1/RPMS/liblm_sensors3-static-devel-2.8.7-7.1.101mdk.i586.rpm 10.1/RPMS/lm_sensors-2.8.7-7.1.101mdk.i586.rpm 10.1/SRPMS/lm_sensors-2.8.7-7.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64 x86_64/10.1/RPMS/lib64lm_sensors3-2.8.7-7.1.101mdk.x86_64.rpm x86_64/10.1/RPMS/lib64lm_sensors3-devel-2.8.7-7.1.101mdk.x86_64.rpm x86_64/10.1/RPMS/lib64lm_sensors3-static-devel-2.8.7-7.1.101mdk.x86_64.rpm x86_64/10.1/RPMS/lm_sensors-2.8.7-7.1.101mdk.x86_64.rpm x86_64/10.1/SRPMS/lm_sensors-2.8.7-7.1.101mdk.src.rpm Corporate Server 3.0/X86 corporate/3.0/RPMS/liblm_sensors3-2.8.4-2.1.C30mdk.i586.rpm corporate/3.0/RPMS/liblm_sensors3-devel-2.8.4-2.1.C30mdk.i586.rpm corporate/3.0/RPMS/liblm_sensors3-static-devel-2.8.4-2.1.C30mdk.i586.rpm corporate/3.0/RPMS/lm_sensors-2.8.4-2.1.C30mdk.i586.rpm corporate/3.0/SRPMS/lm_sensors-2.8.4-2.1.C30mdk.src.rpm Corporate Server 3.0/X86_64 x86_64/corporate/3.0/RPMS/lib64lm_sensors3-2.8.4-2.1.C30mdk.x86_64.rpm x86_64/corporate/3.0/RPMS/lib64lm_sensors3-devel-2.8.4-2.1.C30mdk.x86_64.rpm x86_64/corporate/3.0/RPMS/lib64lm_sensors3-static-devel-2.8.4-2.1.C30mdk.x86_64.rpm x86_64/corporate/3.0/RPMS/lm_sensors-2.8.4-2.1.C30mdk.x86_64.rpm x86_64/corporate/3.0/SRPMS/lm_sensors-2.8.4-2.1.C30mdk.src.rpm Mandrivalinux LE2005/X86 10.2/RPMS/liblm_sensors3-2.9.0-4.1.102mdk.i586.rpm 10.2/RPMS/liblm_sensors3-devel-2.9.0-4.1.102mdk.i586.rpm 10.2/RPMS/liblm_sensors3-static-devel-2.9.0-4.1.102mdk.i586.rpm 10.2/RPMS/lm_sensors-2.9.0-4.1.102mdk.i586.rpm 10.2/SRPMS/lm_sensors-2.9.0-4.1.102mdk.src.rpm Mandrivalinux LE2005/X86_64 x86_64/10.2/RPMS/lib64lm_sensors3-2.9.0-4.1.102mdk.x86_64.rpm x86_64/10.2/RPMS/lib64lm_sensors3-devel-2.9.0-4.1.102mdk.x86_64.rpm x86_64/10.2/RPMS/lib64lm_sensors3-static-devel-2.9.0-4.1.102mdk.x86_64.rpm x86_64/10.2/RPMS/lm_sensors-2.9.0-4.1.102mdk.x86_64.rpm x86_64/10.2/SRPMS/lm_sensors-2.9.0-4.1.102mdk.src.rpm Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb Alpha http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb AMD64 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb ARM http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb HP Precision http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb Red Hat Red Hat Desktop (v. 4) / SRPMS lm_sensors-2.8.7-2.40.3.src.rpm Red Hat Desktop (v. 4) / IA-32 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-devel-2.8.7-2.40.3.i386.rpm Red Hat Desktop (v. 4) / x86_64 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-2.8.7-2.40.3.x86_64.rpm lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm Red Hat Enterprise Linux AS (v. 4) / SRPMS lm_sensors-2.8.7-2.40.3.src.rpm Red Hat Enterprise Linux AS (v. 4) / IA-32 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-devel-2.8.7-2.40.3.i386.rpm Red Hat Enterprise Linux AS (v. 4) / IA-64 lm_sensors-2.8.7-2.40.3.i386.rpm Red Hat Enterprise Linux AS (v. 4) / x86_64 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-2.8.7-2.40.3.x86_64.rpm lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm Red Hat Enterprise Linux ES (v. 4) / SRPMS lm_sensors-2.8.7-2.40.3.src.rpm Red Hat Enterprise Linux ES (v. 4) / IA-32 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-devel-2.8.7-2.40.3.i386.rpm Red Hat Enterprise Linux ES (v. 4) / IA-64 lm_sensors-2.8.7-2.40.3.i386.rpm Red Hat Enterprise Linux ES (v. 4) / x86_64 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-2.8.7-2.40.3.x86_64.rpm lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm Red Hat Enterprise Linux WS (v. 4) / SRPMS lm_sensors-2.8.7-2.40.3.src.rpm Red Hat Enterprise Linux WS (v. 4) / IA-32 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-devel-2.8.7-2.40.3.i386.rpm Red Hat Enterprise Linux WS (v. 4) / IA-64 lm_sensors-2.8.7-2.40.3.i386.rpm Red Hat Enterprise Linux WS (v. 4) / x86_64 lm_sensors-2.8.7-2.40.3.i386.rpm lm_sensors-2.8.7-2.40.3.x86_64.rpm lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm https://rhn.redhat.com/ |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2005-2672 |
| BID | |
Recursos adicionales |
|
|
Mandriva Security Advisories MDKSA-2005:149 http://www.mandriva.com/security/advisories?name=MDKSA-2005:149 Debian Security Advisory (DSA 814-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00204.html Red Hat Security Advisory (RHSA-2005:825-13) https://rhn.redhat.com/errata/RHSA-2005-825.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2005-09-06 |
| 1.1 | Aviso emitido por Debian (DSA 814-1) | 2005-09-22 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2005:825-13) | 2005-11-14 |