French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes Librpcsecgss Code Execution Vulnerability

Title : Mandriva Security Update Fixes Librpcsecgss Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2007-3127
CVE ID : CVE-2007-3999
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-13

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or take complete control of an affected system [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
adee4ad65f8a754f8ccc6b4c8045859a 2007.0/i586/librpcsecgss2-0.12-2.1mdv2007.0.i586.rpm
6667d2fe30b9afa56d545f41d439bab8 2007.0/i586/librpcsecgss2-devel-0.12-2.1mdv2007.0.i586.rpm
82dd8353114027f39ea40147fa65d977 2007.0/SRPMS/librpcsecgss-0.12-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
aa72629dcbf7b309d1255ba8b4e9c7a8 2007.0/x86_64/lib64rpcsecgss2-0.12-2.1mdv2007.0.x86_64.rpm
d4e208540e449e43ad3a791134b34085 2007.0/x86_64/lib64rpcsecgss2-devel-0.12-2.1mdv2007.0.x86_64.rpm
82dd8353114027f39ea40147fa65d977 2007.0/SRPMS/librpcsecgss-0.12-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
163c85ca6bcd8fb0255f09ed6dc87d25 2007.1/i586/librpcsecgss3-0.14-1.1mdv2007.1.i586.rpm
09660ca474ed5fa9264cba9260304271 2007.1/i586/librpcsecgss3-devel-0.14-1.1mdv2007.1.i586.rpm
e0a0fe57468e16a68c106a8cab72f826 2007.1/SRPMS/librpcsecgss-0.14-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
8b30c8009536197215abc9c0b5e43ae2 2007.1/x86_64/lib64rpcsecgss3-0.14-1.1mdv2007.1.x86_64.rpm
4e4d10c2f7eb72948d6baee8f9c0039d 2007.1/x86_64/lib64rpcsecgss3-devel-0.14-1.1mdv2007.1.x86_64.rpm
e0a0fe57468e16a68c106a8cab72f826 2007.1/SRPMS/librpcsecgss-0.14-1.1mdv2007.1.src.rpm

Corporate 4.0:
ecd5d4eff04e2e09f7a6850da0b4dff1 corporate/4.0/i586/librpcsecgss0-0.5-1.1.20060mlcs4.i586.rpm
7d77ed46e5427ce213987cbee409785e corporate/4.0/i586/librpcsecgss0-devel-0.5-1.1.20060mlcs4.i586.rpm
3f64577e676dfd9aa09d829fe9de24bd corporate/4.0/i586/librpcsecgss2-0.12-1.1.20060mlcs4.i586.rpm
2f5c87cc699941cb1062c00fe19e37a5 corporate/4.0/i586/librpcsecgss2-devel-0.12-1.1.20060mlcs4.i586.rpm
33512d4c9c0c349ef5a013e4b9b25332 corporate/4.0/SRPMS/librpcsecgss-0.12-1.1.20060mlcs4.src.rpm
bd310e2ed1a24a876e8b06617034408f corporate/4.0/SRPMS/librpcsecgss0-0.5-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
65df0614cbc92a6135759f984001dc6f corporate/4.0/x86_64/lib64rpcsecgss0-0.5-1.1.20060mlcs4.x86_64.rpm
0b37d5b2b99606080577a6e55cd92d49 corporate/4.0/x86_64/lib64rpcsecgss0-devel-0.5-1.1.20060mlcs4.x86_64.rpm
52c1e1c4cbfe5968e360a7c953bae101 corporate/4.0/x86_64/lib64rpcsecgss2-0.12-1.1.20060mlcs4.x86_64.rpm
7f324edf9b9eba95453d3f002f3688b7 corporate/4.0/x86_64/lib64rpcsecgss2-devel-0.12-1.1.20060mlcs4.x86_64.rpm
33512d4c9c0c349ef5a013e4b9b25332 corporate/4.0/SRPMS/librpcsecgss-0.12-1.1.20060mlcs4.src.rpm
bd310e2ed1a24a876e8b06617034408f corporate/4.0/SRPMS/librpcsecgss0-0.5-1.1.20060mlcs4.src.rpm

ChangeLog

2007-09-13 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Cisco Products SNMPv3 Authentication Packets Vulnerabilities

Cisco PIX and ASA Security Bypass and Denial of Service

Cisco IOS Secure Shell Remote Denial of Service

IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability

IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability

IBM Hardware Management Console Cross Site Scripting Vulnerabilities

IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability

IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

IBM WebSphere Application Server Security Exposure Vulnerability

IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Firefox Unspecified Remote Command Execution Vulnerability

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy