French Security Incident Response Team

Mandriva Security Update Fixes PWLib Denial of Service Vulnerability


Title : Mandriva Security Update Fixes PWLib Denial of Service Vulnerability
Advisory ID : FrSIRT/ADV-2007-3713
CVE ID : CVE-2007-4897
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-05

Advisory Details

 
Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages:

Mandriva Linux 2007.0:
4bfc45bd6236ac7659c16d4feba43091 2007.0/i586/libpwlib1-1.10.2-2.1mdv2007.0.i586.rpm
84cea52a64deef3df562a5de3750d20e 2007.0/i586/libpwlib1-devel-1.10.2-2.1mdv2007.0.i586.rpm
978af2994d3c5dcb68d2284d6bf4d0b7 2007.0/i586/libpwlib1-plugins-1.10.2-2.1mdv2007.0.i586.rpm
64ca0ae79677f914c8c699a227b0eae1 2007.0/i586/libpwlib1-plugins-avc-1.10.2-2.1mdv2007.0.i586.rpm
3a31d6eea21466adb7e4e67dc6ee5cfd 2007.0/i586/libpwlib1-plugins-dc-1.10.2-2.1mdv2007.0.i586.rpm
caadaec51df423b89a7f3a3e2eacbb2c 2007.0/SRPMS/pwlib-1.10.2-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
90955615e7f4cdcd85bdf6d0b38b39a1 2007.0/x86_64/lib64pwlib1-1.10.2-2.1mdv2007.0.x86_64.rpm
70d13f9ef3892ee761325a87692aa01b 2007.0/x86_64/lib64pwlib1-devel-1.10.2-2.1mdv2007.0.x86_64.rpm
59584508e6651e76f6e0b03953fd6981 2007.0/x86_64/lib64pwlib1-plugins-1.10.2-2.1mdv2007.0.x86_64.rpm
c828a72fdc9c39d8b1d89fb3c3ae6a78 2007.0/x86_64/lib64pwlib1-plugins-avc-1.10.2-2.1mdv2007.0.x86_64.rpm
5d64b400ab9206a00955425c5ff4b577 2007.0/x86_64/lib64pwlib1-plugins-dc-1.10.2-2.1mdv2007.0.x86_64.rpm
caadaec51df423b89a7f3a3e2eacbb2c 2007.0/SRPMS/pwlib-1.10.2-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
6de321ca2091bb5d35393f6da5374e74 2007.1/i586/libpwlib1-1.10.5-1.1mdv2007.1.i586.rpm
ff1a2fc457b5f6c96c88eb3b4f966a51 2007.1/i586/libpwlib1-devel-1.10.5-1.1mdv2007.1.i586.rpm
9be1480880bd440c965f822aecbb997f 2007.1/i586/libpwlib1-plugins-1.10.5-1.1mdv2007.1.i586.rpm
dcbd0515c7b463a3b392af866df0a67d 2007.1/i586/libpwlib1-plugins-avc-1.10.5-1.1mdv2007.1.i586.rpm
f9fd8e259564dec1da67742f88259aee 2007.1/i586/libpwlib1-plugins-dc-1.10.5-1.1mdv2007.1.i586.rpm
2a2d05b989a6c0c33c5aa0481555d5f7 2007.1/SRPMS/pwlib-1.10.5-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
8ed6153bca8d7ba7bf00b64c19ca2e4b 2007.1/x86_64/lib64pwlib1-1.10.5-1.1mdv2007.1.x86_64.rpm
028e266dcfe898f5e66bc5e6101fb952 2007.1/x86_64/lib64pwlib1-devel-1.10.5-1.1mdv2007.1.x86_64.rpm
a79400f5f945015d5ee59c2edb54425e 2007.1/x86_64/lib64pwlib1-plugins-1.10.5-1.1mdv2007.1.x86_64.rpm
81640e8727aa5a474db2b920472a7e4d 2007.1/x86_64/lib64pwlib1-plugins-avc-1.10.5-1.1mdv2007.1.x86_64.rpm
6ceb9298e5db9fc861355e5ec3ba0afd 2007.1/x86_64/lib64pwlib1-plugins-dc-1.10.5-1.1mdv2007.1.x86_64.rpm
2a2d05b989a6c0c33c5aa0481555d5f7 2007.1/SRPMS/pwlib-1.10.5-1.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
07c5dd8c2f8a564b60b0fb1cbf770323 2008.0/i586/libpwlib1-1.10.10-2.1mdv2008.0.i586.rpm
a9596ac6c7ed9604f7d674ea843acc3f 2008.0/i586/libpwlib1-devel-1.10.10-2.1mdv2008.0.i586.rpm
4ec351c5bb57d2883b3cab9813831115 2008.0/i586/libpwlib1-plugins-1.10.10-2.1mdv2008.0.i586.rpm
f5fd094f33496c98ad8d3b2c5687e3ef 2008.0/i586/libpwlib1-plugins-avc-1.10.10-2.1mdv2008.0.i586.rpm
8bb1307d4810fa065e2dd8e6d01f83b6 2008.0/i586/libpwlib1-plugins-dc-1.10.10-2.1mdv2008.0.i586.rpm
c9d691a9c0d4fa8bee1e1f879d23201b 2008.0/SRPMS/pwlib-1.10.10-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
88b3a46ab5106a47d40ac0d5f448ba88 2008.0/x86_64/lib64pwlib1-1.10.10-2.1mdv2008.0.x86_64.rpm
9886151d07a498669322de5c9a34a58b 2008.0/x86_64/lib64pwlib1-devel-1.10.10-2.1mdv2008.0.x86_64.rpm
618d84b58b6287643bd381ae94267d38 2008.0/x86_64/lib64pwlib1-plugins-1.10.10-2.1mdv2008.0.x86_64.rpm
69470a8b930804ce8475b143dfca8b02 2008.0/x86_64/lib64pwlib1-plugins-avc-1.10.10-2.1mdv2008.0.x86_64.rpm
d473d19c955655ac78e5deb3e9b2f49e 2008.0/x86_64/lib64pwlib1-plugins-dc-1.10.10-2.1mdv2008.0.x86_64.rpm
c9d691a9c0d4fa8bee1e1f879d23201b 2008.0/SRPMS/pwlib-1.10.10-2.1mdv2008.0.src.rpm

Corporate 3.0:
769c95db126e8dbf1935af7c3ed04f0e corporate/3.0/i586/libpwlib1-1.5.2-2.2.C30mdk.i586.rpm
5bd83f298d7a21c047fe5d0bff250022 corporate/3.0/i586/libpwlib1-devel-1.5.2-2.2.C30mdk.i586.rpm
37ebe166490bd05ad0a9e9d345a3db1a corporate/3.0/SRPMS/pwlib-1.5.2-2.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
8384099d3a1c847d3014fa38e504bc00 corporate/3.0/x86_64/lib64pwlib1-1.5.2-2.2.C30mdk.x86_64.rpm
125d19bcf8ef1a6f2b4d2addead8c6c4 corporate/3.0/x86_64/lib64pwlib1-devel-1.5.2-2.2.C30mdk.x86_64.rpm
37ebe166490bd05ad0a9e9d345a3db1a corporate/3.0/SRPMS/pwlib-1.5.2-2.2.C30mdk.src.rpm

ChangeLog

2007-11-05 : Initial release

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy