SuSE XScreenSaver多个安全漏洞

漏洞信息详情

SuSE XScreenSaver多个安全漏洞

• CNNVD编号：CNNVD-200312-414
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2003-1294
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  2003-11-28
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-03-01
  
• 厂        商：
  
  xscreensaver
• 漏洞来源：
  SuSE advisory

Novell SUSE是美国Novell公司的一个Linux操作系统发行版。
SuSE包含的xscreensaver存在多个漏洞，本地攻击者进行拒绝服务攻击，或可能进行权限提升。
xscreensaver处理验证信息校验时存在问题，可导致崩溃保护程序崩溃，另外xscreensaver在处理验证时会以不安全的方式建立临时文件，可导致破坏本地系统文件。

厂商补丁：
RedHat
——
RedHat已经为此发布了一个安全公告(RHSA-2006:0498-01)以及相应补丁:

RHSA-2006:0498-01：Moderate: xscreensaver security update

链接：http://lwn.net/Alerts/184909” target=”_blank”>
http://lwn.net/Alerts/184909

补丁下载：

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm

f8a3f186605e8c1e94118d560724cd0c xscreensaver-3.33-4.rhel21.3.src.rpm

i386:

3f48fa1db2d0c4224dd968a3a4a10033 xscreensaver-3.33-4.rhel21.3.i386.rpm

ia64:

dfe54c3a32cc18cd4cdf4ccfe073cba0 xscreensaver-3.33-4.rhel21.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm

f8a3f186605e8c1e94118d560724cd0c xscreensaver-3.33-4.rhel21.3.src.rpm

ia64:

dfe54c3a32cc18cd4cdf4ccfe073cba0 xscreensaver-3.33-4.rhel21.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm

f8a3f186605e8c1e94118d560724cd0c xscreensaver-3.33-4.rhel21.3.src.rpm

i386:

3f48fa1db2d0c4224dd968a3a4a10033 xscreensaver-3.33-4.rhel21.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm

f8a3f186605e8c1e94118d560724cd0c xscreensaver-3.33-4.rhel21.3.src.rpm

i386:

3f48fa1db2d0c4224dd968a3a4a10033 xscreensaver-3.33-4.rhel21.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xscreensaver-4.10-20.src.rpm

aeb44a2230e0891747e7c678e165c2b0 xscreensaver-4.10-20.src.rpm

i386:

32064f1c5108a2fc8d440099113a915f xscreensaver-4.10-20.i386.rpm

c3c5cbe5a9f4dc689ba1cc8168dfda10 xscreensaver-debuginfo-4.10-20.i386.rpm

ia64:

ac46f647bd7930f3dcf10b74d4f8f9ec xscreensaver-4.10-20.ia64.rpm

ebf73db97fdda4f4d65e6897050ca206 xscreensaver-debuginfo-4.10-20.ia64.rpm

ppc:

6023bea1b1145194a72487f7418b9c8b xscreensaver-4.10-20.ppc.rpm

fcb479f611c9053efd9d845bcdbc7ffe xscreensaver-debuginfo-4.10-20.ppc.rpm

s390:

0e9f6a02afe107a9b52334eb89c0a0b1 xscreensaver-4.10-20.s390.rpm

26f350733c38fc054ea14b3cf8f08b77 xscreensaver-debuginfo-4.10-20.s390.rpm

s390x:

e48435174e377c0c7b78b2f87c16aab5 xscreensaver-4.10-20.s390x.rpm

7772d366de77b390edd9e3593b1d6d5b xscreensaver-debuginfo-4.10-20.s390x.rpm

可使用下列命令安装补丁：

rpm -Fvh [文件名]
Jamie Zawinski
————–
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.jwz.org/xscreensaver/download.html” target=”_blank”>
http://www.jwz.org/xscreensaver/download.html

来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286

来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968

来源: BID
名称: 9125
链接:http://www.securityfocus.com/bid/9125

来源: www.novell.com
链接:http://www.novell.com/linux/download/updates/90_i386.html

来源: OVAL
名称: oval:org.mitre.oval:def:10848
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10848

来源: jwz.livejournal.com
链接:http://jwz.livejournal.com/310943.html

来源: REDHAT
名称: RHSA-2006:0498
链接:http://www.redhat.com/support/errata/RHSA-2006-0498.html

来源: VUPEN
名称: ADV-2006-1948
链接:http://www.frsirt.com/english/advisories/2006/1948

来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm

来源: SECUNIA
名称: 20782
链接:http://secunia.com/advisories/20782

来源: SECUNIA
名称: 20456
链接:http://secunia.com/advisories/20456

来源: SECUNIA
名称: 20226
链接:http://secunia.com/advisories/20226

来源: SECUNIA
名称: 20224
链接:http://secunia.com/advisories/20224

来源: SGI
名称: 20060602-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc

来源：NSFOCUS
名称：5736
链接：http://www.nsfocus.net/vulndb/5736