French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes perl-Tk Code Execution Vulnerability

Title : Mandriva Security Update Fixes perl-Tk Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2008-1002
CVE ID : CVE-2006-4484
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-03-27

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
617890813c4fbde09881f93318d8fb0c 2007.0/i586/perl-Tk-804.027-7.1mdv2007.0.i586.rpm
e9a52dbb6ae3c66329e8804db7540255 2007.0/i586/perl-Tk-devel-804.027-7.1mdv2007.0.i586.rpm
62ec6966a6e1b75a32cc69ba429383d9 2007.0/i586/perl-Tk-doc-804.027-7.1mdv2007.0.i586.rpm
35c904dd5d8fdfcb1289cff6f5683ffd 2007.0/SRPMS/perl-Tk-804.027-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1c90b8668b367864a7a745e7c5fe7a3e 2007.0/x86_64/perl-Tk-804.027-7.1mdv2007.0.x86_64.rpm
94e06f5c06bdaaca2387d78f883bd42b 2007.0/x86_64/perl-Tk-devel-804.027-7.1mdv2007.0.x86_64.rpm
c716b24bd69c972f60d8a77a297571fb 2007.0/x86_64/perl-Tk-doc-804.027-7.1mdv2007.0.x86_64.rpm
35c904dd5d8fdfcb1289cff6f5683ffd 2007.0/SRPMS/perl-Tk-804.027-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
ccd8c93b6638f18f44956e3a7976843f 2007.1/i586/perl-Tk-804.027-7.1mdv2007.1.i586.rpm
6f36c284047f89d996039a4890ef24a5 2007.1/i586/perl-Tk-devel-804.027-7.1mdv2007.1.i586.rpm
ea68a42b822f65622c08401438e18f3a 2007.1/i586/perl-Tk-doc-804.027-7.1mdv2007.1.i586.rpm
ba77b6b3ba20990bb584112edd8a8a11 2007.1/SRPMS/perl-Tk-804.027-7.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
64c30b9a6521ee330c3ab503c7af4a81 2007.1/x86_64/perl-Tk-804.027-7.1mdv2007.1.x86_64.rpm
3af0d32f148366759bc38b6ebe9d0ed2 2007.1/x86_64/perl-Tk-devel-804.027-7.1mdv2007.1.x86_64.rpm
a7deec6b34f5ae1b4a2415f184fce3f6 2007.1/x86_64/perl-Tk-doc-804.027-7.1mdv2007.1.x86_64.rpm
ba77b6b3ba20990bb584112edd8a8a11 2007.1/SRPMS/perl-Tk-804.027-7.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
c0640864a0032ccb32e154b1eeb31e46 2008.0/i586/perl-Tk-804.027-7.1mdv2008.0.i586.rpm
cc4587989566c6cc9834aa766a97de70 2008.0/i586/perl-Tk-devel-804.027-7.1mdv2008.0.i586.rpm
bbff9b65728eb4be47ffd4fdde627364 2008.0/i586/perl-Tk-doc-804.027-7.1mdv2008.0.i586.rpm
08a52245b151a07de2f1ff578f5b94d4 2008.0/SRPMS/perl-Tk-804.027-7.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
4784cc19583484e691657d027557e273 2008.0/x86_64/perl-Tk-804.027-7.1mdv2008.0.x86_64.rpm
e2cb98338952dbcf381ac41755c5bbcf 2008.0/x86_64/perl-Tk-devel-804.027-7.1mdv2008.0.x86_64.rpm
8f5e35f7f7ddffe3a0bc557fc7124f97 2008.0/x86_64/perl-Tk-doc-804.027-7.1mdv2008.0.x86_64.rpm
08a52245b151a07de2f1ff578f5b94d4 2008.0/SRPMS/perl-Tk-804.027-7.1mdv2008.0.src.rpm

Corporate 3.0:
664977154c6d3a6cf097535e4e4cffb6 corporate/3.0/i586/perl-Tk-800.024-4.1.C30mdk.i586.rpm
7ac67c7e4768fda4bc24f64f46de052f corporate/3.0/i586/perl-Tk-devel-800.024-4.1.C30mdk.i586.rpm
86a465731211ca4f8b5eb06736580f7a corporate/3.0/i586/perl-Tk-doc-800.024-4.1.C30mdk.i586.rpm
efeb7e3c708c1891dca5291e89a90ffb corporate/3.0/SRPMS/perl-Tk-800.024-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
e273a52a8ce4b4df938f6f1a332c5a9a corporate/3.0/x86_64/perl-Tk-800.024-4.1.C30mdk.x86_64.rpm
c626b81ebcca6319a493da41daa64c59 corporate/3.0/x86_64/perl-Tk-devel-800.024-4.1.C30mdk.x86_64.rpm
59ba63dec80a1409340053b8d036c16a corporate/3.0/x86_64/perl-Tk-doc-800.024-4.1.C30mdk.x86_64.rpm
efeb7e3c708c1891dca5291e89a90ffb corporate/3.0/SRPMS/perl-Tk-800.024-4.1.C30mdk.src.rpm

Corporate 4.0:
40a305aea1ccccac122eeaa29623fc9d corporate/4.0/i586/perl-Tk-804.027-4.1.20060mlcs4.i586.rpm
500f724e392a66d8b77883ef45bb0d27 corporate/4.0/i586/perl-Tk-devel-804.027-4.1.20060mlcs4.i586.rpm
c37c8e2110050388d91fb82f23bc365a corporate/4.0/i586/perl-Tk-doc-804.027-4.1.20060mlcs4.i586.rpm
57e6e403c1e65b45c85ea086a3dcf861 corporate/4.0/SRPMS/perl-Tk-804.027-4.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
33856879c459ad1b8d105860d6a93bdf corporate/4.0/x86_64/perl-Tk-804.027-4.1.20060mlcs4.x86_64.rpm
cd1461f7f031beea459abbcecfd74780 corporate/4.0/x86_64/perl-Tk-devel-804.027-4.1.20060mlcs4.x86_64.rpm
fa087aea0cf09672dd2a25e57461ab15 corporate/4.0/x86_64/perl-Tk-doc-804.027-4.1.20060mlcs4.x86_64.rpm
57e6e403c1e65b45c85ea086a3dcf861 corporate/4.0/SRPMS/perl-Tk-804.027-4.1.20060mlcs4.src.rpm

ChangeLog

2008-03-27 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Microsoft Office Word Document Handling Code Execution Vulnerability

Microsoft SQL Server Privilege Escalation Vulnerabilities (MS08-040)

Microsoft Exchange Server Cross Site Scripting Issues (MS08-039)

Microsoft Windows Explorer Remote Code Execution (MS08-038)

Microsoft Windows Multiple DNS Spoofing Vulnerabilities (MS08-037)

Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Xcode Code Execution and Information Disclosure Vulnerabilities

Apple TV Data Processing Remote Code Execution Vulnerabilities

Apple Mac OS X Command Execution and Security Bypass Issues

Apple Safari for Mac OS X Remote Code Execution Vulnerability

Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

Apple Safari Code Execution and Information Disclosure Vulnerabilities

Sun Solaris System Management Agent Buffer Overflow Vulnerability

Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities

Sun Java JDK and JRE Code Execution and Security Bypass Issues

Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability

Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities

Sun Java System Access Manager XSLT Code Execution Vulnerability

Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy