int(1833)

Boletines de Vulnerabilidades

Inyección de comandos shell en Mozilla/Firefox/Thunderbird

Clasificación de la vulnerabilidad
Propiedad Valor
Nivel de Confianza Oficial
Impacto Obtener acceso
Dificultad Principiante
Requerimientos del atacante Acceso remoto sin cuenta a un servicio estandar

Información sobre el sistema
Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado Mozilla < 1.7.12
Firefox <= 1.0.6
Thunderbird <= 1.0.6

Descripción
Se ha descubierto una vulnerabilidad en Mozilla Suite, Firefox y Thunderbird. La vulnerabilidad reside en un error de validación de entrada en el shell script usado para cargar estos programas, ya que interpreta comandos shell que estén entre comillas simples (backticks) en la URL que se indica por línea de comandos.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar comandos arbitrarios mediante un enlace Web o "mailto:" especialmente diseñado que la víctima debe seguir con un producto vulnerable.

Esta vulnerabilidad solo puede ser explotada en sistemas Unix / Linux. El hecho de tener configurados Mozilla Firefox y Mozilla Thunderbird como clientes Web y de correo por defecto facilitan la explotación de esta vulnerabilidad.

Solución


Actualización de software

Mozilla
Actualizar a versión 1.7.12
http://www.mozilla.org/products/mozilla1.x/

Firefox
Actualizar a versión 1.0.7
http://www.mozilla.org/products/firefox/

Thunderbird
No existen parches actualmente.

Red Hat (firefox)

Red Hat Desktop (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Desktop (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Desktop (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
firefox-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
firefox-1.0.7-1.4.1.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
firefox-1.0.7-1.4.1.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
firefox-1.0.7-1.4.1.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
firefox-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
firefox-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
firefox-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
firefox-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
firefox-1.0.7-1.4.1.x86_64.rpm

Red Hat (Thunderbird)

Red Hat Desktop (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Desktop (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Desktop (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
thunderbird-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
thunderbird-1.0.7-1.4.1.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
thunderbird-1.0.7-1.4.1.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
thunderbird-1.0.7-1.4.1.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
thunderbird-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
thunderbird-1.0.7-1.4.1.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
thunderbird-1.0.7-1.4.1.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
thunderbird-1.0.7-1.4.1.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
thunderbird-1.0.7-1.4.1.x86_64.rpm

Mandriva (firefox)

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nspr4-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nss3-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

Mandriva Linux (Thunderbird)

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm

SCO
OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

Identificadores estándar
Propiedad Valor
CVE CAN-2005-2968
BID

Recursos adicionales
Bugzilla Bug 307185
https://bugzilla.mozilla.org/show_bug.cgi?id=307185

Secunia Advisory (SA16846)
http://secunia.com/advisories/16846/

Secunia Advisory (SA16869)
http://secunia.com/advisories/16869/

Secunia Advisory (SA16901)
http://secunia.com/advisories/16901/

Red Hat Security Advisory (RHSA-2005:785-9)
https://rhn.redhat.com/errata/RHSA-2005-785.html

Red Hat Security Advisory (RHSA-2005:791-8)
https://rhn.redhat.com/errata/RHSA-2005-791.html

Mandriva Security Advisory (MDKSA-2005:169)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169

Mandriva Security Advisory (MDKSA-2005:174)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

SCO Security Advisory (SCOSA-2005.49)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

Histórico de versiones
Versión Comentario Fecha
1.0 Aviso emitido 2005-09-22
1.1 Aviso emitido por Red Hat (RHSA-2005:785-9). Aviso emitido por Mandriva (MDKSA-2005:169). 2005-09-27
1.2 Aviso emitido por Mandriva (MDKSA-2005:174) 2005-10-17
1.3 Aviso emitido por Red Hat (RHSA-2005:791-8) 2005-10-18
1.4 Aviso emitido por SCO (SCOSA-2005.49) 2005-11-28

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT