French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Trustix Security Update Fixes Multiple Code Execution and Security Bypass Issues

Title : Trustix Security Update Fixes Multiple Code Execution and Security Bypass Issues
Advisory ID : FrSIRT/ADV-2007-2686
CVE ID : CVE-2007-1349 - CVE-2007-1900 - CVE-2007-2756 - CVE-2007-2872 - CVE-2007-2926 - CVE-2007-3007 - CVE-2007-3377 - CVE-2007-3409 - CVE-2007-3564 - CVE-2007-3725 - CVE-2007-3798
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-30

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been identified in Trustix, which could be exploited by attackers to bypass security restrictions, cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://http.trustix.org/pub/trustix/updates/

385242c4da523acb7ecaff616901b223 3.0.5/rpms/bind-9.3.4-4tr.i586.rpm
4167a783f1c3411b5164ab9995e8113c 3.0.5/rpms/bind-devel-9.3.4-4tr.i586.rpm
3d2dc1d76c375cd4cf8e5f9e4a4ddf95 3.0.5/rpms/bind-libs-9.3.4-4tr.i586.rpm
f2d0cba38984af70e4f59f0d60ff2302 3.0.5/rpms/bind-light-9.3.4-4tr.i586.rpm
aff99e42d42a8b254daa4dd584be5f1e 3.0.5/rpms/bind-light-devel-9.3.4-4tr.i586.rpm
274cd85cad7ca003fb0f878340edb285 3.0.5/rpms/bind-utils-9.3.4-4tr.i586.rpm
6a99712b78627068aa0b7fa8f26b7e7d 3.0.5/rpms/clamav-0.91-1tr.i586.rpm
2ff6fcd209c53b53fc6c9206c300eec4 3.0.5/rpms/clamav-devel-0.91-1tr.i586.rpm
09e20d036d2b53c7a65624aa6882123e 3.0.5/rpms/curl-7.16.4-1tr.i586.rpm
9e2e4ef2609cf03088b9445bdab80631 3.0.5/rpms/curl-devel-7.16.4-1tr.i586.rpm
600b93c576cd56863475f24a0ecc3f4f 3.0.5/rpms/mod_perl-2.0.2-3tr.i586.rpm
c07c04028d2b514a463de72a875506db 3.0.5/rpms/mod_perl-devel-2.0.2-3tr.i586.rpm
cabcfcc1cfba5743ec30bb3e3eb318c2 3.0.5/rpms/perl-net-dns-0.48-9tr.i586.rpm
e20885f62af0966f141d816d5379acd0 3.0.5/rpms/php-5.2.3-2tr.i586.rpm
4e21162333b73d66dde4e52b2963b1b2 3.0.5/rpms/php-calendar-5.2.3-2tr.i586.rpm
9549f8f5a80e4bf8a2b39285eeb1fc9c 3.0.5/rpms/php-cli-5.2.3-2tr.i586.rpm
612598724164f92956a46dfd82519910 3.0.5/rpms/php-curl-5.2.3-2tr.i586.rpm
fa21e93e332faad2156b9981fcab0412 3.0.5/rpms/php-dba-5.2.3-2tr.i586.rpm
41248154da73754b2e239b76733cfe50 3.0.5/rpms/php-devel-5.2.3-2tr.i586.rpm
276c9d70f92c8ba4df771334b5c1c6c5 3.0.5/rpms/php-exif-5.2.3-2tr.i586.rpm
11b1dee7b0f395962001bd2b63155d1f 3.0.5/rpms/php-fcgi-5.2.3-2tr.i586.rpm
8a2bdc6d26c532ec1b42420315729f99 3.0.5/rpms/php-gd-5.2.3-2tr.i586.rpm
2fae9844d133102ffda34ff18564ca84 3.0.5/rpms/php-imap-5.2.3-2tr.i586.rpm
dec194258270480cd4b4d7bf43ae8fc2 3.0.5/rpms/php-ldap-5.2.3-2tr.i586.rpm
5a0dc23348b76defab4c24b2da562b5f 3.0.5/rpms/php-mcrypt-5.2.3-2tr.i586.rpm
1f695f95099d08d832697f517f806cf1 3.0.5/rpms/php-mhash-5.2.3-2tr.i586.rpm
c412e4fb7e16ef4ac71f399c41779deb 3.0.5/rpms/php-mssql-5.2.3-2tr.i586.rpm
b42f4883c03145d946ed6d869d22f72a 3.0.5/rpms/php-mysql-5.2.3-2tr.i586.rpm
35222a6bfe9e049f0a806b4a35015e79 3.0.5/rpms/php-mysqli-5.2.3-2tr.i586.rpm
f351b5011818d1415a5117bafc22eb4e 3.0.5/rpms/php-openssl-5.2.3-2tr.i586.rpm
f46ea8caa3dc48c7ea8c54964abc5152 3.0.5/rpms/php-pdo-mysql-5.2.3-2tr.i586.rpm
84344f18f94e2b97e5c77920c876f51c 3.0.5/rpms/php-pdo-sqlite-5.2.3-2tr.i586.rpm
622bdb0b15bf0bd00fecaedd2971f71b 3.0.5/rpms/php-pgsql-5.2.3-2tr.i586.rpm
cdaadbf37e4e4875cae29d314747be04 3.0.5/rpms/php-pspell-5.2.3-2tr.i586.rpm
bb957f6b81cf29dc8aec0b6d8f82e55c 3.0.5/rpms/php-snmp-5.2.3-2tr.i586.rpm
3e865b30e6b7b58e2bb09cc1eeb1c371 3.0.5/rpms/php-sqlite-5.2.3-2tr.i586.rpm
842fbe08b207b9a1fea602ed32f4b7b2 3.0.5/rpms/php-xslt-5.2.3-2tr.i586.rpm
0c7646b5d3e9206f019ffed95a9b4c41 3.0.5/rpms/php-zlib-5.2.3-2tr.i586.rpm
beb5bb381f3c2283cc79194ae0812822 3.0.5/rpms/tcpdump-3.8.3-9tr.i586.rpm

a391402b4cc09fdfa8fbb691c91b2b08 3.0/rpms/bind-9.3.4-3tr.i586.rpm
5de35bd610263cb60389245644a9fb8e 3.0/rpms/bind-devel-9.3.4-3tr.i586.rpm
e8a5943aa49d1fafa50b58e6421b2e9a 3.0/rpms/bind-libs-9.3.4-3tr.i586.rpm
1942f8178c7c9b56e62bad4fc309f976 3.0/rpms/bind-light-9.3.4-3tr.i586.rpm
fc3940a06e5415dd7f20d6e13b698938 3.0/rpms/bind-light-devel-9.3.4-3tr.i586.rpm
4a3e1e31aa6f4b97f1cdd68091d345ee 3.0/rpms/bind-utils-9.3.4-3tr.i586.rpm
706e7200ae5bdba1029f5b764de7839b 3.0/rpms/clamav-0.91-1tr.i586.rpm
7bcb48add43435ddc6844c8788838b78 3.0/rpms/clamav-devel-0.91-1tr.i586.rpm
4eb9d1ca7eb019819db2beb1c0345991 3.0/rpms/curl-7.16.4-1tr.i586.rpm
faeafe6f0ddb8dc82d050e1f652f9d2d 3.0/rpms/curl-devel-7.16.4-1tr.i586.rpm
8fdc1d78fcd94fde400413e892fd9e24 3.0/rpms/mod_perl-2.0.0-5tr.i586.rpm
45979e4b4f3c2cfc57d7ac31620825b1 3.0/rpms/mod_perl-devel-2.0.0-5tr.i586.rpm
929644b8b2092afb00b2de2eb7e407dc 3.0/rpms/perl-net-dns-0.48-8tr.i586.rpm
1209b0a10694606d18e74f89e18c4a03 3.0/rpms/php-5.2.3-2tr.i586.rpm
a11d6834c9ed3fff9bad1490dea865aa 3.0/rpms/php-calendar-5.2.3-2tr.i586.rpm
d2cc2b3a319ae3093a91b0f6570fe47a 3.0/rpms/php-cli-5.2.3-2tr.i586.rpm
0ebf7ad7a6b286d1385ba51b1817516c 3.0/rpms/php-curl-5.2.3-2tr.i586.rpm
98b72bc17b2c31021390197c4b06c89d 3.0/rpms/php-dba-5.2.3-2tr.i586.rpm
43e23f9064f04a02476ae13ef4f4d1be 3.0/rpms/php-devel-5.2.3-2tr.i586.rpm
f168fe8c914d57ee87d0649b01f97e77 3.0/rpms/php-exif-5.2.3-2tr.i586.rpm
ad8c9a6cf39987f899009976a16fb0a5 3.0/rpms/php-fcgi-5.2.3-2tr.i586.rpm
cfa1a50f86dfd87ec7cd8619152d4b71 3.0/rpms/php-gd-5.2.3-2tr.i586.rpm
da6f567e3c3e1ef8a7ed8f75bb437a05 3.0/rpms/php-imap-5.2.3-2tr.i586.rpm
05691bf3d3226fa05b0a2734583a7556 3.0/rpms/php-ldap-5.2.3-2tr.i586.rpm
8e3f6a0c74ebb806b10d8a863ac3ba13 3.0/rpms/php-mcrypt-5.2.3-2tr.i586.rpm
490351006a445007b04513876e1abed8 3.0/rpms/php-mhash-5.2.3-2tr.i586.rpm
ea375b107428a5a07df36af4138b225c 3.0/rpms/php-mssql-5.2.3-2tr.i586.rpm
621ab19d1951642fbe1039aa7dd4ee55 3.0/rpms/php-mysql-5.2.3-2tr.i586.rpm
081788130aa74b739f7a6f2f1672b6ac 3.0/rpms/php-mysqli-5.2.3-2tr.i586.rpm
98c91e97a36d76b054094c4aef8ba303 3.0/rpms/php-openssl-5.2.3-2tr.i586.rpm
a116f66211a0e41646d7bb057f93c994 3.0/rpms/php-pdo-mysql-5.2.3-2tr.i586.rpm
8f956f1d14920866c0699006471de2de 3.0/rpms/php-pdo-sqlite-5.2.3-2tr.i586.rpm
58e83e31a64595b671209aa2b032de9e 3.0/rpms/php-pgsql-5.2.3-2tr.i586.rpm
5e318866d6f8d8d654bcb940469fb25a 3.0/rpms/php-pspell-5.2.3-2tr.i586.rpm
7d4dc479904dcac651efe6c8307004c0 3.0/rpms/php-snmp-5.2.3-2tr.i586.rpm
7c2903bd5bde33b5194895932f2336eb 3.0/rpms/php-sqlite-5.2.3-2tr.i586.rpm
9dcfdcddbf8dfb3eb066893c7e184032 3.0/rpms/php-xslt-5.2.3-2tr.i586.rpm
2b22a6a4c46cf1dcc823d0be52a1ee6b 3.0/rpms/php-zlib-5.2.3-2tr.i586.rpm
3e5a930e898b69ff03d010bb4d50e3d0 3.0/rpms/tcpdump-3.8.3-8tr.i586.rpm
d3c601bd616c19da0da2180e7029cc2c 2.2/rpms/bind-9.3.4-3tr.i586.rpm
ba5ab37e1c1f98b73ecf7988cafafc10 2.2/rpms/bind-devel-9.3.4-3tr.i586.rpm
c5173096b50c73537bc149a24074ab47 2.2/rpms/bind-libs-9.3.4-3tr.i586.rpm
ec8157264cccbe97f111647682625ed0 2.2/rpms/bind-light-9.3.4-3tr.i586.rpm
e58d3dac7a5ed83a33291dc0493d07fc 2.2/rpms/bind-light-devel-9.3.4-3tr.i586.rpm
701f16b002778ca84844b85d2adff688 2.2/rpms/bind-utils-9.3.4-3tr.i586.rpm
d0f1c9fb436123f8d0a9d7e1af85c885 2.2/rpms/clamav-0.91-1tr.i586.rpm
f296443ddff0566e9d474643ff33b962 2.2/rpms/clamav-devel-0.91-1tr.i586.rpm
3f9a03adaa1171d960cdbfe08ea6795b 2.2/rpms/curl-7.15.3-3tr.i586.rpm
5332054611bdba805908521670783b96 2.2/rpms/curl-devel-7.15.3-3tr.i586.rpm
60489eeffd8bf5958fde66628a343974 2.2/rpms/mod_perl-2.0.0-5tr.i586.rpm
dd0202812215babf987e20525ec940db 2.2/rpms/mod_perl-devel-2.0.0-5tr.i586.rpm
5f1b350a7ea7ef3d7964259a179ebb3a 2.2/rpms/perl-net-dns-0.48-3tr.i586.rpm
6e4d88ef05463a6895bded9a04d6c417 2.2/rpms/php-5.2.3-1tr.i586.rpm
df38a5edbb2d8d5836173206fb4aa51e 2.2/rpms/php-cli-5.2.3-1tr.i586.rpm
b7358a367b60569d7198fea6d3d0f0cd 2.2/rpms/php-curl-5.2.3-1tr.i586.rpm
335875d9db23623630c8e7a2f7ff6b35 2.2/rpms/php-devel-5.2.3-1tr.i586.rpm
f445894ec53b9b0d7ec69c38e37db59f 2.2/rpms/php-exif-5.2.3-1tr.i586.rpm
6dfbf73af362155eb654b3bbf5900fe2 2.2/rpms/php-fcgi-5.2.3-1tr.i586.rpm
79dc33da7ef677c44241b4985acd6e0f 2.2/rpms/php-gd-5.2.3-1tr.i586.rpm
ac208d692c6868c07d787b72405b77ec 2.2/rpms/php-imap-5.2.3-1tr.i586.rpm
281562426b06aaa035569925354b08a3 2.2/rpms/php-ldap-5.2.3-1tr.i586.rpm
3aceb6b5e05e0949959a90f762172c6a 2.2/rpms/php-mcrypt-5.2.3-1tr.i586.rpm
7dc951138c0d5abf8a8437eec57d734e 2.2/rpms/php-mhash-5.2.3-1tr.i586.rpm
698e5c3b296094a84600673439a8ba2e 2.2/rpms/php-mssql-5.2.3-1tr.i586.rpm
f76695798ecf9f0c3c4005e309a97010 2.2/rpms/php-mysql-5.2.3-1tr.i586.rpm
063183e965f09e8c0581d4a21c31accb 2.2/rpms/php-mysqli-5.2.3-1tr.i586.rpm
f04605d40bfed9290308d47c3464ac0c 2.2/rpms/php-openssl-5.2.3-1tr.i586.rpm
227afb0b6004cd4e07d2e276cc639b34 2.2/rpms/php-pdo-mysql-5.2.3-1tr.i586.rpm
5854d898328e4446c3d4b36e7b454695 2.2/rpms/php-pdo-sqlite-5.2.3-1tr.i586.rpm
eed1a233aef2fdddd4d1961b2bc2a7c2 2.2/rpms/php-pgsql-5.2.3-1tr.i586.rpm
9ef05f267ba75169f28298783372a8ad 2.2/rpms/php-sqlite-5.2.3-1tr.i586.rpm
c20518aaa32dd4b9b2f906c96c99b0c8 2.2/rpms/php-zlib-5.2.3-1tr.i586.rpm
f9031f0f637cabfbf0113743a5d1ac8d 2.2/rpms/tcpdump-3.8.3-4tr.i586.rpm

ChangeLog

2007-07-30 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)

Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)

Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities

Cisco Secure ACS EAP Remote Denial Of Service Vulnerability

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability

Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability

Sun Java System Portal Server Cross Site Scripting Vulnerability

Sun rdesktop Code Execution and Denial of Service

Sun Java System Web Proxy Server Denial of Service Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy