FrSIRT - Mandriva Security Update Fixes Vixie Cron Local Denial of Service Issue / Exploit

French Security Incident Response Team

Français

English

Mandriva Security Update Fixes Vixie Cron Local Denial of Service Issue

Date de Publication : 2007-12-04 © FrSIRT.COM
Titre : Mandriva Security Update Fixes Vixie Cron Local Denial of Service Issue
Identifiant : FrSIRT/AVIS-2007-4075
CVE ID : CVE-2007-1856
Risque : Bas (1/4) -

Exploitable à distance : Non
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Une vulnérabilité a été identifiée dans Mandriva, elle pourrait être exploitée par des attaquants locaux afin de causer un déni de service [...]

Solution

Installer les mises à jour :

Mandriva Linux 2007.0:
123b5f8f021f12d910a4348e9a557ec7 2007.0/i586/vixie-cron-4.1-9.1mdv2007.0.i586.rpm
682d18fa3ebec317be382fb40c140745 2007.0/SRPMS/vixie-cron-4.1-9.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
e797aa1deb1aa45a3ac31967341d4271 2007.0/x86_64/vixie-cron-4.1-9.1mdv2007.0.x86_64.rpm
682d18fa3ebec317be382fb40c140745 2007.0/SRPMS/vixie-cron-4.1-9.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
901d627bc295b396d1b9d331a7b538cd 2007.1/i586/vixie-cron-4.1-9.1mdv2007.1.i586.rpm
e08498cdcb6f66fd167e6cd22d6c7c6b 2007.1/SRPMS/vixie-cron-4.1-9.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
dba8945a07a6c835bc58d33884b1f50b 2007.1/x86_64/vixie-cron-4.1-9.1mdv2007.1.x86_64.rpm
e08498cdcb6f66fd167e6cd22d6c7c6b 2007.1/SRPMS/vixie-cron-4.1-9.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
1b273c4f69665e22bf56f3da76c52556 2008.0/i586/vixie-cron-4.1-9.1mdv2008.0.i586.rpm
148738b227103c0b1ee25e5f6ca747eb 2008.0/SRPMS/vixie-cron-4.1-9.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
ebcf2fcf7c88dd88688eb4aa9f8a6bb2 2008.0/x86_64/vixie-cron-4.1-9.1mdv2008.0.x86_64.rpm
148738b227103c0b1ee25e5f6ca747eb 2008.0/SRPMS/vixie-cron-4.1-9.1mdv2008.0.src.rpm

Historique

2007-12-04 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution Vulnerabilities
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities

	Microsoft Office Word Document Handling Code Execution Vulnerability
	Microsoft SQL Server Privilege Escalation Vulnerabilities (MS08-040)
	Microsoft Exchange Server Cross Site Scripting Issues (MS08-039)
	Microsoft Windows Explorer Remote Code Execution (MS08-038)
	Microsoft Windows Multiple DNS Spoofing Vulnerabilities (MS08-037)
	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
	Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability

	Oracle Products Multiple Code Execution Vulnerabilities
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities