FrSIRT - Mandriva Security Update Fixes PolicyKit Format String Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes PolicyKit Format String Vulnerability

Title : Mandriva Security Update Fixes PolicyKit Format String Vulnerability
Advisory ID : FrSIRT/ADV-2008-1254
CVE ID : CVE-2008-1658
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-04-17

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by local attackers to cause a denial of service or potentially execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2008.1:
aa8e182bb5e5d8fe952cfab4c62bf055 2008.1/i586/libpolkit2-0.7-5.1mdv2008.1.i586.rpm
2c2de3341fd2e7b0181215c49b373953 2008.1/i586/libpolkit-devel-0.7-5.1mdv2008.1.i586.rpm
54bc0d67f70ada707da9ac5d35ac6f8a 2008.1/i586/policykit-0.7-5.1mdv2008.1.i586.rpm
864e3c1f5c99ad74a284fe3f35964515 2008.1/i586/policykit-docs-0.7-5.1mdv2008.1.i586.rpm
e19c68b55d06d4ad8a00a9c82e38e3fa 2008.1/SRPMS/policykit-0.7-5.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
79e9c91841bf90f09fd7184050164bfe 2008.1/x86_64/lib64polkit2-0.7-5.1mdv2008.1.x86_64.rpm
3bb998cc6595c0f70c47cb22f411962b 2008.1/x86_64/lib64polkit-devel-0.7-5.1mdv2008.1.x86_64.rpm
16ede4d785e987f5e65361570d80bcdc 2008.1/x86_64/policykit-0.7-5.1mdv2008.1.x86_64.rpm
c114e50ab7f564a281ddd1096dbde53c 2008.1/x86_64/policykit-docs-0.7-5.1mdv2008.1.x86_64.rpm
e19c68b55d06d4ad8a00a9c82e38e3fa 2008.1/SRPMS/policykit-0.7-5.1mdv2008.1.src.rpm

Credits

Vulnerability reported by Ubuntu.

ChangeLog

2008-04-17 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability

	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability