Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in cfengine
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in cfengine
ID: MDKSA-2005:184
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2, Mandriva 2006.0
Datum: Fr, 14. Oktober 2005, 06:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3137
Applikationen: CFEngine

Originalnachricht

This is a multi-part message in MIME format...

------------=_1129262278-811-1060

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cfengine
Advisory ID: MDKSA-2005:184
Date: October 13th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Javier Fernández-Sanguino Peña discovered several insecure temporary
file uses in cfengine <= 1.6.5 and <= 2.1.16 which allows local users
to overwrite arbitrary files via a symlink attack on temporary files
used by vicf.in. (CAN-2005-2960)

In addition, Javier discovered the cfmailfilter and cfcron.in files
for cfengine <= 1.6.5 allow local users to overwrite arbitrary files
via a symlink attack on temporary files (CAN-2005-3137)

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3137
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
acf648169c296d474886d1d98752a763 10.1/RPMS/cfengine-1.6.5-4.3.101mdk.i586.rpm
176cbf5b72aba7c6a2b40daf4ee09c94 10.1/SRPMS/cfengine-1.6.5-4.3.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
a9bed51735d6762fe3e1d66c8657f65a
x86_64/10.1/RPMS/cfengine-1.6.5-4.3.101mdk.x86_64.rpm
176cbf5b72aba7c6a2b40daf4ee09c94
x86_64/10.1/SRPMS/cfengine-1.6.5-4.3.101mdk.src.rpm

Mandrivalinux 10.2:
426fd00421697c85c0e63f527faac7e8
10.2/RPMS/cfengine-2.1.12-7.2.102mdk.i586.rpm
edd39a03e85f5176a0c28667cc91c388
10.2/RPMS/cfengine-cfservd-2.1.12-7.2.102mdk.i586.rpm
5c9a0c525c45a802f5d89686123e751c
10.2/SRPMS/cfengine-2.1.12-7.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
e75f232aa540e80fb9a12558d0c1f105
x86_64/10.2/RPMS/cfengine-2.1.12-7.2.102mdk.x86_64.rpm
3680ec121accdf0cdf1830b374d804ee
x86_64/10.2/RPMS/cfengine-cfservd-2.1.12-7.2.102mdk.x86_64.rpm
5c9a0c525c45a802f5d89686123e751c
x86_64/10.2/SRPMS/cfengine-2.1.12-7.2.102mdk.src.rpm

Mandrivalinux 2006.0:
61f3c7fe9cf1a69e889cfa4d476473af
2006.0/RPMS/cfengine-base-2.1.15-2.2.20060mdk.i586.rpm
5a7d6087787de6a9f98288c415562ced
2006.0/RPMS/cfengine-cfagent-2.1.15-2.2.20060mdk.i586.rpm
0cd9ecbccf2a0b4e775d6629b1b7416f
2006.0/RPMS/cfengine-cfenvd-2.1.15-2.2.20060mdk.i586.rpm
5c10e7371d807d4f42f2524f24809a92
2006.0/RPMS/cfengine-cfexecd-2.1.15-2.2.20060mdk.i586.rpm
0bd54480c32575625f3d42badf59d690
2006.0/RPMS/cfengine-cfservd-2.1.15-2.2.20060mdk.i586.rpm
1b3213afe77bd75af306a63f746994cd
2006.0/SRPMS/cfengine-2.1.15-2.2.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
e81ea72b0431a8cc40753a6dee7037d2
x86_64/2006.0/RPMS/cfengine-base-2.1.15-2.2.20060mdk.x86_64.rpm
f997658d8fa1dea25353906141443ba9
x86_64/2006.0/RPMS/cfengine-cfagent-2.1.15-2.2.20060mdk.x86_64.rpm
bc560e64dc5de8046b9d14be43621a10
x86_64/2006.0/RPMS/cfengine-cfenvd-2.1.15-2.2.20060mdk.x86_64.rpm
1d3cb518f0266f57c182712350935fb8
x86_64/2006.0/RPMS/cfengine-cfexecd-2.1.15-2.2.20060mdk.x86_64.rpm
db890abf046c63d91fc5fb60c6b796a8
x86_64/2006.0/RPMS/cfengine-cfservd-2.1.15-2.2.20060mdk.x86_64.rpm
1b3213afe77bd75af306a63f746994cd
x86_64/2006.0/SRPMS/cfengine-2.1.15-2.2.20060mdk.src.rpm

Corporate Server 2.1:
12057e0591bdb14e49b74d5c1c268196
corporate/2.1/RPMS/cfengine-1.6.3-8.3.C21mdk.i586.rpm
4026484a33d7d324da1dce56fd697842
corporate/2.1/SRPMS/cfengine-1.6.3-8.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
4dc4d9a367d056f053af80118cee8886
x86_64/corporate/2.1/RPMS/cfengine-1.6.3-8.3.C21mdk.x86_64.rpm
4026484a33d7d324da1dce56fd697842
x86_64/corporate/2.1/SRPMS/cfengine-1.6.3-8.3.C21mdk.src.rpm

Corporate 3.0:
0c82f22f7ef0f6db35eb5f19caba9d2d
corporate/3.0/RPMS/cfengine-1.6.5-3.3.C30mdk.i586.rpm
ac84162471431da5f5afae45d48ca5c8
corporate/3.0/SRPMS/cfengine-1.6.5-3.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
bb704e30c6f6c0edb0b03d6a6d6c62d3
x86_64/corporate/3.0/RPMS/cfengine-1.6.5-3.3.C30mdk.x86_64.rpm
ac84162471431da5f5afae45d48ca5c8
x86_64/corporate/3.0/SRPMS/cfengine-1.6.5-3.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTybimqjQ0CJFipgRAnAGAKCwLA12aj2WBEZPLtGTHajy6/2QggCcCkA5
FWV/Ex2QdPdLfLAJjl/YiME=
=RgFb
-----END PGP SIGNATURE-----


------------=_1129262278-811-1060
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1129262278-811-1060--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung