FrSIRT - Fedora Security Update Fixes Blam Untrusted Search Path Weakness / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Blam Untrusted Search Path Weakness

Title : Fedora Security Update Fixes Blam Untrusted Search Path Weakness
Advisory ID : FrSIRT/ADV-2007-4023
CVE ID : CVE-2005-4790
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-11-28

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by local attackers to potentially obtain elevated privileges [...]

Solution

Upgrade the affected packages :

7bc7f1f01d672abaa13f4a2e4c02a8c01a1f1c2e blam-1.8.3-9.fc7.i386.rpm
0c9aa73347873be18fca0e9d0accd8a31634fa34 blam-debuginfo-1.8.3-9.fc7.i386.rpm
5a05537c6b4aabccd52ec6c308bee3015acb9918 blam-debuginfo-1.8.3-9.fc7.x86_64.rpm
5cc7d651d09410b957605518285581434fe6f626 blam-1.8.3-9.fc7.x86_64.rpm
1c89824bf2ccc11c11406acb32cb3c3d126eaeb2 blam-1.8.3-9.fc7.ppc.rpm
b10961d8e75d2716a1c145667ff753e7717df80f blam-debuginfo-1.8.3-9.fc7.ppc.rpm
4413684e045f0c2fa88816ce4fce6064e11bf91a blam-1.8.3-9.fc7.src.rpm

8c2691d5d608dfe4ebe49d19c5648e98f796e799 blam-debuginfo-1.8.3-11.fc8.i386.rpm
2aa1c2490235906853b3b33dbc8b307cbf7c5a7e blam-1.8.3-11.fc8.i386.rpm
affe4814232cf9abaf7b9222cf1eb6a4fa4a0f3c blam-debuginfo-1.8.3-11.fc8.x86_64.rpm
ed5e6144b7719e3b2d5f1d70f26bdbe4b298d490 blam-1.8.3-11.fc8.x86_64.rpm
d0967a8905fb3aaa46f3ba302bec787eae2446f8 blam-1.8.3-11.fc8.ppc.rpm
d52414a5eabf5d02af9109f3191d215ca57cfb25 blam-debuginfo-1.8.3-11.fc8.ppc.rpm
17ceb85f572cec39fe2df132d4c92bb83de8a951 blam-1.8.3-11.fc8.src.rpm

ChangeLog

2007-11-28 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities

	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability
	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues