French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Fedora Security Update Fixes xscreensaver Local Security Bypass Issue

Title : Fedora Security Update Fixes xscreensaver Local Security Bypass Issue
Advisory ID : FrSIRT/ADV-2007-3766
CVE ID : CVE-2007-5585
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-11-07

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Fedora, which could be exploited by local attackers to bypass security restrictions [...]

Solution

Upgrade the affected packages :

63f5d297c3d58456a6c38ce6ff343523ec9d6c23 xscreensaver-gl-extras-gss-5.03-14.fc8.ppc64.rpm
1972511f3aecc1b31820efa0a8375aa271464e84 xscreensaver-extras-gss-5.03-14.fc8.ppc64.rpm
407b9e927ade17a5916c5316309ea459c96eee81 xscreensaver-extras-5.03-14.fc8.ppc64.rpm
a9afb11998a5adf8127e069ad7ed8733533c8f34 xscreensaver-gl-extras-5.03-14.fc8.ppc64.rpm
1d6b79fc2a7d7b27946bb4a2a2f1e7a75e7ef5d4 xscreensaver-gl-base-5.03-14.fc8.ppc64.rpm
aa029f1af7c1132313ea025b94446cd90455eeb3 xscreensaver-base-5.03-14.fc8.ppc64.rpm
281f8f7d226c7302122a50499e119dd35ff2e6e4 xscreensaver-5.03-14.fc8.ppc64.rpm
eb6e8fda8fe536d1425b501db79b2ed134583986 xscreensaver-debuginfo-5.03-14.fc8.ppc64.rpm
e7db6cf1b1415d214b6ea260012a84abeb8f34cc xscreensaver-5.03-14.fc8.i386.rpm
005e7fb84fdd39f49f640c1b67fe0eed9031fd81 xscreensaver-extras-5.03-14.fc8.i386.rpm
065ed5e5b618a0bb910f216c711a4b272db8902d xscreensaver-debuginfo-5.03-14.fc8.i386.rpm
4c40978acc0cfa64fef8f05ec15c6b27ed62154b xscreensaver-gl-extras-5.03-14.fc8.i386.rpm
1420ea4dde90fdd2b4b7fc2f0d89f952148d6890 xscreensaver-gl-base-5.03-14.fc8.i386.rpm
b2c738bb3ca209c4aee400029134f2b7a882fb91 xscreensaver-base-5.03-14.fc8.i386.rpm
a7a837c714d9eb91637c44f9295c5b700397c580 xscreensaver-extras-gss-5.03-14.fc8.i386.rpm
99192fbc12dec5779c75c53bfa1c62986412f93c xscreensaver-gl-extras-gss-5.03-14.fc8.i386.rpm
742757626f257d1daa005cf04810f3b095d694c3 xscreensaver-gl-base-5.03-14.fc8.x86_64.rpm
a9b85bae65c65a30ea2095854d699c6a3ba605f0 xscreensaver-gl-extras-5.03-14.fc8.x86_64.rpm
eac6082d90617c023db40b3d58e8b498af482db6 xscreensaver-debuginfo-5.03-14.fc8.x86_64.rpm
e1072cb47c42b2fe8b463b451dcbcd91f2c6b00d xscreensaver-base-5.03-14.fc8.x86_64.rpm
7eb61c7cbf30404758a0722f47fdb6e997edab74 xscreensaver-5.03-14.fc8.x86_64.rpm
d09d5b505397ebb4f72fc0d5537f8b5c4b31bec8 xscreensaver-extras-gss-5.03-14.fc8.x86_64.rpm
2051b98a49410e87d9212c823ddc80c25ac9e47e xscreensaver-gl-extras-gss-5.03-14.fc8.x86_64.rpm
571918b7b29b808dd6d20240ebf07d0f8198c096 xscreensaver-extras-5.03-14.fc8.x86_64.rpm
c3c3ac06d7c0156c111f7ddf1588890f084824a9 xscreensaver-debuginfo-5.03-14.fc8.ppc.rpm
7812123dfac7b4c7fecebb50f06597f2b78a80d2 xscreensaver-base-5.03-14.fc8.ppc.rpm
955ed8f1496c972467fcfa2b2089b2b63ba22bae xscreensaver-gl-extras-5.03-14.fc8.ppc.rpm
d7c99dac1b1dd37264c2d1dc31c776ff8ef4bd72 xscreensaver-gl-extras-gss-5.03-14.fc8.ppc.rpm
ae67bcbba3f9fb59f47a14a39ccd070f73aa1974 xscreensaver-extras-gss-5.03-14.fc8.ppc.rpm
e3208f219ee3929086d867fb43d7590c44ed4c79 xscreensaver-extras-5.03-14.fc8.ppc.rpm
e5cc767d93d9b09e8b5885f7c612646a42ed3aa4 xscreensaver-gl-base-5.03-14.fc8.ppc.rpm
f30a3b486eca52b5541368b4daf647389048e8bf xscreensaver-5.03-14.fc8.ppc.rpm
9fabeba54fe774805b5cb6ff6afa700f2828e1be xscreensaver-5.03-14.fc8.src.rpm

ChangeLog

2007-11-07 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

IBM WebSphere Application Server Security Exposure Vulnerabilities

IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability

IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability

IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability

IBM Hardware Management Console Cross Site Scripting Vulnerabilities

IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability

IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

Sun Solaris System Management Agent Buffer Overflow Vulnerability

Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities

Sun Java JDK and JRE Code Execution and Security Bypass Issues

Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability

Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities

Sun Java System Access Manager XSLT Code Execution Vulnerability

Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Products Code Execution and Injection Vulnerabilities

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy