Gnome VFS ‘extfs’脚本身份不明漏洞

漏洞信息详情

Gnome VFS ‘extfs’脚本身份不明漏洞

• CNNVD编号：CNNVD-200411-055
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-0494
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  2004-11-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  avaya
• 漏洞来源：
  It is unknown at t…

GNOME虚拟文件系统1.0.1之前版本的多个extfs后端脚本存在漏洞。远程攻击者可能借助gnome-vfs URI执行某些未授权的行为。

RedHat has released a Fedora Legacy advisory FLSA:1944 along with fixes for RedHat Linux. Please see the referenced advisory for more information.
RedHat has released two advisories (FEDORA-2004-272, FEDORA-2004-273) to address this issue in Fedora Core 1 and Fedora Core 2. Please see the referenced advisories for more information.
RedHat has released advisory RHSA-2004:373-13 and fixes to resolve this issue. Please see the referenced advisory for further information.
Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to remove Gnome packages from their server or apply patches supplied by the Operating System vendor. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198525&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:
Patch 10095 is available from
http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
The individual RPMs from Patch 10095 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS
SuSE Linux has released fixes for this issue.
Fedora Core 3 advisory FEDORA-2004-514 including an updated version of Midnight Commander is available to address this issue. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:464-09 to address this issue in Midnight Commander for Red Hat Enterprise Linux. Please see the advisory in Web references for more information.

RedHat Linux 7.3 i386

• RedHat gnome-vfs-1.0.5-4.1.legacy.i386.rpmRedHat Linux 7.3
  
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-1.0
  .5-4.1.legacy.i386.rpm
• RedHat gnome-vfs-devel-1.0.5-4.1.legacy.i386.rpmRedHat Linux 7.3
  
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-dev
  el-1.0.5-4.1.legacy.i386.rpm

RedHat Linux 9.0 i386

• RedHat gnome-vfs-1.0.5-13.1.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-1.0.5
  -13.1.legacy.i386.rpm
• RedHat gnome-vfs-devel-1.0.5-13.1.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-devel
  -1.0.5-13.1.legacy.i386.rpm
• RedHat gnome-vfs2-2.2.2-4.1.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-2.2.
  2-4.1.legacy.i386.rpm
• RedHat gnome-vfs2-devel-2.2.2-4.1.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-deve
  l-2.2.2-4.1.legacy.i386.rpm

S.u.S.E. Linux Personal 9.2

• SuSE gnome-vfs-1.0.5-808.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gnome-vfs-1.0.5-8
  08.2.i586.rpm
• SuSE gnome-vfs2-2.6.1-38.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gnome-vfs2-2.6.1-
  38.2.i586.rpm
• SuSE gnome-vfs2-doc-2.6.1-38.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gnome-vfs2-doc-2.
  6.1-38.2.i586.rpm

来源: REDHAT
名称: RHSA-2004:373
链接:http://www.redhat.com/support/errata/RHSA-2004-373.html

来源: FEDORA
名称: FLSA:1944
链接:https://bugzilla.fedora.us/show_bug.cgi?id=1944

来源: XF
名称: gnome-vfs-extfs-gain-access(16897)
链接:http://xforce.iss.net/xforce/xfdb/16897

来源: OVAL
名称: oval:org.mitre.oval:def:9854
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9854

来源: rpmfind.net
链接:http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html