Vulnerability Bulletins |
Security restriction bypass via netlink messages in Avahi |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Concealment of traces |
Difficulty | Expert |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | Avahi < 0.6.15 |
Description |
|
A vulnerability has been discovered in Avahi versions prior to 0.6.15. Avahi does not verify the identity of the sender of netlink messages to ensure that they come from the kernel rather than from other processes. A local attacker could bypass security restrictions. |
|
Solution |
|
Software update
Mandriva
Mandriva Linux 2007
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/avahi-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/avahi-dnsconfd-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/avahi-python-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/avahi-sharp-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/avahi-x11-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-client3-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-client3-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-common3-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-common3-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-compat-howl0-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-core4-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-core4-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-glib1-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-glib1-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-qt3_1-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-qt4_1-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/avahi-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/avahi-dnsconfd-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/avahi-python-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/avahi-sharp-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/avahi-x11-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-client3-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-common3-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-core4-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-glib1-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2006-5461 |
BID | |
Additional resources |
|
Mandriva Security Advisory (MDKSA-2006:215) http://www.mandriva.com/security/advisories?name=MDKSA-2006:215 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2006-11-21 |