FrSIRT - Fedora Security Update Fixes Beagle "beagle-status" Command Execution Issue / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Beagle "beagle-status" Command Execution Issue

Title : Fedora Security Update Fixes Beagle "beagle-status" Command Execution Issue
Advisory ID : FrSIRT/ADV-2006-1048
CVE ID : CVE-2006-1296
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-03-22

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released updated packages to address a vulnerability identified in Beagle [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

031b14c13c1da8a0ad078d29e7c8997f81edc108 SRPMS/beagle-0.2.3-4.src.rpm
9c05aceec3352a5822bd715bb8f1d7a7ab3b1c15 ppc/beagle-0.2.3-4.ppc.rpm
fa966f7a58099c9b24324e776d5bd3bba0ed6737 ppc/libbeagle-0.2.3-4.ppc.rpm
4faf4d0a15ab3a81a75e6b518fa6d447701c5ff7 ppc/libbeagle-devel-0.2.3-4.ppc.rpm
baedc9ecbace7961d15d42020225d1ccf5618a49 ppc/libbeagle-python-0.2.3-4.ppc.rpm
76d01133208326bd31062a9c00f70675fb74b4eb ppc/debug/beagle-debuginfo-0.2.3-4.ppc.rpm
3dd3cd525eb4c94ac2337efcf01006d3e9490a0c x86_64/beagle-0.2.3-4.x86_64.rpm
e782635126ed098076b88a037f04865ea5218d6c x86_64/libbeagle-0.2.3-4.x86_64.rpm
bfecb57a38e4a948517871c350e45aabd86e87cc x86_64/libbeagle-devel-0.2.3-4.x86_64.rpm
25559cbdf4a17e9ab98029a0a4087ec62001c38e x86_64/libbeagle-python-0.2.3-4.x86_64.rpm
724c8bf195af380c55b0ec3e72f1791962f35e63 x86_64/debug/beagle-debuginfo-0.2.3-4.x86_64.rpm
c02e35f99532418d379804a05a9b0f24dd102ae5 i386/beagle-0.2.3-4.i386.rpm
73653a24af6b10772afe5e2c24723c698750ad96 i386/libbeagle-0.2.3-4.i386.rpm
3cbcfc28429f3cd5911c6990110f40b0963d29d3 i386/libbeagle-devel-0.2.3-4.i386.rpm
340d500ecd5c38a8fc3c640b4151d2d2b547d7b8 i386/libbeagle-python-0.2.3-4.i386.rpm
8b42aa3907319ed3d0ac53eb303aa3291a734831 i386/debug/beagle-debuginfo-0.2.3-4.i386.rpm

ChangeLog

2006-03-22 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Logical Domain Manager Local Privilege Escalation Vulnerability
	Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability
	Sun Java Messaging Server Cross Site Scripting Vulnerability
	Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability
	Sun Java System Identity Manager Security Bypass Vulnerabilities
	Sun Solaris DHCP Buffer Overflow and Denial of Service
	Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities

	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities
	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities