French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes id3lib Insecure Temporary Files Vulnerability

Title : Mandriva Security Update Fixes id3lib Insecure Temporary Files Vulnerability
Advisory ID : FrSIRT/ADV-2007-3126
CVE ID : CVE-2007-4460
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-09-13

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by malicious users to bypass security restrictions [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
89ededb20e4a560dc4a15bc028bde937 2007.0/i586/id3lib-3.8.3-10.1mdv2007.0.i586.rpm
911e99bcbd3adc8d49175fa12297d6dd 2007.0/i586/libid3_3.8_3-3.8.3-10.1mdv2007.0.i586.rpm
d792ca59dcbfbba0ec75742383dd0740 2007.0/i586/libid3_3.8_3-devel-3.8.3-10.1mdv2007.0.i586.rpm
b5263e43bcc2c3e52cb96ce70769d663 2007.0/i586/libid3_3.8_3-static-devel-3.8.3-10.1mdv2007.0.i586.rpm
8046c1d4ed9191e1ea40caf4b7ba20f5 2007.0/SRPMS/id3lib-3.8.3-10.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
330799502bac0ea9cdf3e87a89836b61 2007.0/x86_64/id3lib-3.8.3-10.1mdv2007.0.x86_64.rpm
1be980ac246eee399e840933912c38dd 2007.0/x86_64/lib64id3_3.8_3-3.8.3-10.1mdv2007.0.x86_64.rpm
9c89408b8df0db6e0525818d72179b28 2007.0/x86_64/lib64id3_3.8_3-devel-3.8.3-10.1mdv2007.0.x86_64.rpm
a46d3015c2b8281d89adcd6463b74fd0 2007.0/x86_64/lib64id3_3.8_3-static-devel-3.8.3-10.1mdv2007.0.x86_64.rpm
8046c1d4ed9191e1ea40caf4b7ba20f5 2007.0/SRPMS/id3lib-3.8.3-10.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
012881ba00ae7a43fdda8daede5094ef 2007.1/i586/id3lib-3.8.3-10.1mdv2007.1.i586.rpm
0bb593e49f8c41552d27e4e663b56273 2007.1/i586/libid3_3.8_3-3.8.3-10.1mdv2007.1.i586.rpm
1a91fab14f81fb583f7acea0486220d7 2007.1/i586/libid3_3.8_3-devel-3.8.3-10.1mdv2007.1.i586.rpm
ec3ec3f058a7aa84e19870bd11f3949f 2007.1/i586/libid3_3.8_3-static-devel-3.8.3-10.1mdv2007.1.i586.rpm
eff155d8383d433ef3b6cee13fa3c0c4 2007.1/SRPMS/id3lib-3.8.3-10.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
7e6e147491fce23225e257049ea54231 2007.1/x86_64/id3lib-3.8.3-10.1mdv2007.1.x86_64.rpm
6e958567c9dcdd32cca5908af3d3d230 2007.1/x86_64/lib64id3_3.8_3-3.8.3-10.1mdv2007.1.x86_64.rpm
65dc5829f1df5aa29e16a7208f78efa0 2007.1/x86_64/lib64id3_3.8_3-devel-3.8.3-10.1mdv2007.1.x86_64.rpm
0cffc56e63ae5ed9bc0f6ac5143f225a 2007.1/x86_64/lib64id3_3.8_3-static-devel-3.8.3-10.1mdv2007.1.x86_64.rpm
eff155d8383d433ef3b6cee13fa3c0c4 2007.1/SRPMS/id3lib-3.8.3-10.1mdv2007.1.src.rpm

Corporate 3.0:
490549e67ef6b52bd06eaaf6dbff508a corporate/3.0/i586/libid3_3.8_3-3.8.3-6.1.C30mdk.i586.rpm
4647513ebae5dc1355d3e7f9b7ee51a5 corporate/3.0/i586/libid3_3.8_3-devel-3.8.3-6.1.C30mdk.i586.rpm
2339afded61377eff9f912bed1218cd1 corporate/3.0/i586/libid3_3.8_3-static-devel-3.8.3-6.1.C30mdk.i586.rpm
3c659b0444946057c77a019af1678810 corporate/3.0/SRPMS/id3lib-3.8.3-6.1.C30mdk.src.rpm

ChangeLog

2007-09-13 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Products Code Execution and Injection Vulnerabilities

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

IBM WebSphere Application Server Security Exposure Vulnerabilities

IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability

IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability

IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability

IBM Hardware Management Console Cross Site Scripting Vulnerabilities

IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability

IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Cisco Products SNMPv3 Authentication Packets Vulnerabilities

Cisco PIX and ASA Security Bypass and Denial of Service

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy