FrSIRT - Fedora Security Update Fixes Xen Insecure Temporary File Vulnerability / Exploit

French Security Incident Response Team

Français

English

Fedora Security Update Fixes Xen Insecure Temporary File Vulnerability

Date de Publication : 2007-11-06 © FrSIRT.COM
Titre : Fedora Security Update Fixes Xen Insecure Temporary File Vulnerability
Identifiant : FrSIRT/AVIS-2007-3740
CVE ID : CVE-2007-3919
Risque : Bas (1/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Une vulnérabilité a été identifiée dans Fedora, elle pourrait être exploitée par des attaquants locaux afin de contourner les mesures de sécurité [...]

Solution

Installer les mises à jour :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

fdd90270390597e8a610e0f311c2138c1c7baa80 SRPMS/xen-3.0.3-13.fc6.src.rpm
fdd90270390597e8a610e0f311c2138c1c7baa80 noarch/xen-3.0.3-13.fc6.src.rpm
8163a0a42843e72852c7f7330974229072075504 x86_64/xen-3.0.3-13.fc6.x86_64.rpm
2056553fde1257731eba7ac360d8802c1a938edb x86_64/debug/xen-debuginfo-3.0.3-13.fc6.x86_64.rpm
be95a5f72620f0dc14d3c932a32268fa8dcb3a84 x86_64/xen-libs-3.0.3-13.fc6.x86_64.rpm
4308908c4cd0950b49f8c109232a9d05f3a5b50d x86_64/xen-devel-3.0.3-13.fc6.x86_64.rpm
de7e3e494d6cb309a5bdde9637a113b0cbb398ab i386/debug/xen-debuginfo-3.0.3-13.fc6.i386.rpm
ddacf1c9cfc8d7c15f10c81234654cf4ea53027c i386/xen-3.0.3-13.fc6.i386.rpm
099b3c99d6c9efa2bf148b257b2b480f6c31e0ea i386/xen-libs-3.0.3-13.fc6.i386.rpm
4fc5028b60a1dcd857e0fb1c0e31f7be33d67ee3 i386/xen-devel-3.0.3-13.fc6.i386.rpm

Historique

2007-11-06 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Apple Mac OS X Code Execution Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution Vulnerabilities
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

	Oracle Products Multiple Code Execution Vulnerabilities
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Sun Solaris Covert Channel Local Security Bypass Vulnerability
	Sun Solaris NFS RPC Zone Denial of Service Vulnerability
	Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability
	Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability
	Sun Java System Portal Server Cross Site Scripting Vulnerability
	Sun rdesktop Code Execution and Denial of Service
	Sun Java System Web Proxy Server Denial of Service Vulnerability