FrSIRT - Fedora Security Update Fixes Inotify-tools Buffer Overflow Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Inotify-tools Buffer Overflow Vulnerability

Title : Fedora Security Update Fixes Inotify-tools Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2007-3831
CVE ID : CVE-2007-5037
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-12

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary code [...]

Solution

Upgrade the affected packages :

2e2312863c6dacd8cce2957f781bad17c98f30da inotify-tools-devel-3.11-1.fc7.ppc64.rpm
f95157e1afc3fc63ade33c43705888d7e4f6b2ff inotify-tools-debuginfo-3.11-1.fc7.ppc64.rpm
8bc30e9362876e9b42b550a9e0244d27b5def322 inotify-tools-3.11-1.fc7.ppc64.rpm
e3ad0fa64196062ad17937aeef72afc5aae276be inotify-tools-3.11-1.fc7.i386.rpm
f672a5ab3cda48829a73a9d3448768c765f8ac1e inotify-tools-debuginfo-3.11-1.fc7.i386.rpm
62b8dec724acf521c43963ba3f70e5ef78018929 inotify-tools-devel-3.11-1.fc7.i386.rpm
e365b0a88b8c5f81adbfc448665c1294b7912cc3 inotify-tools-3.11-1.fc7.x86_64.rpm
547d36e971883a1b15f1aa72954abd09fc2bea1d inotify-tools-debuginfo-3.11-1.fc7.x86_64.rpm
39dc900b1924af6ef90e7ca0f033adb1fe0cb5c8 inotify-tools-devel-3.11-1.fc7.x86_64.rpm
fc59c2a1756120614d3ea6a765153df4fe68c641 inotify-tools-debuginfo-3.11-1.fc7.ppc.rpm
bc580b1c329c13dc157ca06e8c38d69efb7d2d4a inotify-tools-devel-3.11-1.fc7.ppc.rpm
340a5eab4e13a493cf00ba81ab5f3bfb637547b3 inotify-tools-3.11-1.fc7.ppc.rpm
85953da330a6b93607112ba57f98f985bf2de880 inotify-tools-3.11-1.fc7.src.rpm

ChangeLog

2007-11-12 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities
	Sun Solaris "snmpXdmid" Packet Handling Denial of Service Vulnerability
	Sun Solaris FreeType2 Library Multiple Memory Corruption Vulnerabilities
	Sun Java System Calendar Server Denial of Service Vulnerability
	Sun Solaris SMA SNMPv3 Authentication Bypass Vulnerability

	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerability
	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities