FrSIRT - Fedora Security Update Fixes id3lib Insecure Temporary Files Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes id3lib Insecure Temporary Files Vulnerability

Title : Fedora Security Update Fixes id3lib Insecure Temporary Files Vulnerability
Advisory ID : FrSIRT/ADV-2007-2961
CVE ID : CVE-2007-4460
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-08-27

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security restrictions [...]

Solution

Upgrade the affected packages :

e6b3087e4bbf2dfa8dd88f41b6ea9877992e386f id3lib-3.8.3-17.fc7.ppc64.rpm
5dbd4f22a208836933133c1c0fb241c939394dc0 id3lib-debuginfo-3.8.3-17.fc7.ppc64.rpm
6be196648013797251adfeaae6b52720c25f94d4 id3lib-devel-3.8.3-17.fc7.ppc64.rpm
c4cc4c16f97561fae3a5f70330ab7964c1640969 id3lib-3.8.3-17.fc7.i386.rpm
2b5ae4415358b2c59247b264b3b1d1a99cbd2b9a id3lib-devel-3.8.3-17.fc7.i386.rpm
0f2544b47b544b9e8ca54e19c21ed2b2b3a210d4 id3lib-debuginfo-3.8.3-17.fc7.i386.rpm
037f38b2988545ad440c5174a7313c4fec58f0f1 id3lib-debuginfo-3.8.3-17.fc7.x86_64.rpm
ab54ab72585de3a83ef4b7502e04e57dfe6e4ab7 id3lib-3.8.3-17.fc7.x86_64.rpm
e167543feb1561e259edbcc0e49cf63487ed2eb1 id3lib-devel-3.8.3-17.fc7.x86_64.rpm
f836a7b9b33c183fc6009d611c1efd1dee4a0876 id3lib-3.8.3-17.fc7.ppc.rpm
7e2badfdca50550fdf15d0f467d4c5e4843a7e7b id3lib-debuginfo-3.8.3-17.fc7.ppc.rpm
cdfa2d1d118b41d394278f4330a63f7b47bf46ea id3lib-devel-3.8.3-17.fc7.ppc.rpm
3a9864090c09df3d7aa82eeacb6adaff2ec19592 id3lib-3.8.3-17.fc7.src.rpm

ChangeLog

2007-08-27 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Sun Solaris System Management Agent Buffer Overflow Vulnerability
	Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities
	Sun Java JDK and JRE Code Execution and Security Bypass Issues
	Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability
	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities