A security vulnerability has been discovered in the ettercap software package that a local malicious user can exploit to modify arbitrary files with elevated privileges.
Package:
ettercap 0.x
Operating systems:
Fedora 15, Fedora 16
Severity:
3.1
Problem:
improper privilege handling
Exploitation:
local
Impact:
privilege escalation, data modification
Solution:
vendor patch
CVE:
CVE-2010-3843
Original advisory ID:
FEDORA-2012-1054
Source:
Fedora
Problem:
The vulnerability was discovered in the file "tmp/.ettercap_gtk", which creates temporary files in an insecure manner.
Impact:
A local attacker can exploit the vulnerability to modify arbitrary files with elevated privileges.
Solution:
Users are advised to apply the available patch.
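The bug class described above (a settings file written at a predictable path under a shared temporary directory) is avoided by refusing to write through links and by checking the opened file itself. The following is an added example, not ettercap's code and not the Fedora patch; the function names, the demo paths and the sample data are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not ettercap code): save settings without following
 * a symlink or hard link planted at `path` by another local user. */
int save_settings_safely(const char *path, const char *data)
{
    struct stat st;
    size_t len = strlen(data);
    /* O_NOFOLLOW: open fails if the last path component is a symlink.
     * No O_TRUNC here, so nothing is modified before the checks pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    /* Inspect the opened object (fstat, not stat, so no check/use race):
     * it must be a regular file, owned by us, with a single hard link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    if (ftruncate(fd, 0) != 0 || write(fd, data, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed scenario: the settings path is a symlink to another file.
 * Returns 1 when the write is refused and the link target is unchanged. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/settings_demo_XXXXXX", target[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/settings", dir);
    if (save_settings_safely(target, "original") != 0 || symlink(target, lnk) != 0)
        return 0;
    int refused = save_settings_safely(lnk, "x") == -1;
    int intact = stat(target, &st) == 0 && st.st_size == 8; /* "original" */
    unlink(lnk); unlink(target); rmdir(dir);
    return refused && intact;
}

int main(void) { return demo_symlink_refused() ? 0 : 1; }
```

Keeping per-user settings in the user's home directory rather than a shared temporary directory removes the exposure entirely; the checks above are the fallback when a shared location cannot be avoided.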
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1054
2012-01-31 21:17:48
--------------------------------------------------------------------------------
Name : ettercap
Product : Fedora 16
Version : 0.7.4
Release : 3.fc16
URL : http://ettercap.sourceforge.net
Summary : Network traffic sniffer/analyser, NCURSES interface version
Description :
Ettercap is a suite for man in the middle attacks on LAN. It features
sniffing of live connections, content filtering on the fly and many other
interesting tricks. It supports active and passive dissection of many
protocols (even ciphered ones) and includes many features for network and host
analysis.
This package contains the NCURSES version.
--------------------------------------------------------------------------------
Update Information:
New upstream, and patch for insecure global settings file.
Restored RPM_OPT_FLAGS to build.
New upstream, and patch for insecure global settings file.
New upstream, and patch for insecure global settings file.
New upstream, and patch for insecure global settings file.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 30 2012 Jon Ciesla - 0.7.4-3
- RPM_OPT_FLAGS fix, BZ 785562.
* Thu Jan 26 2012 Jon Ciesla - 0.7.4-2
- Patch for CVE-2010-3843.
* Thu Jan 26 2012 Jon Ciesla - 0.7.4-1
- New upstream. Now BRs bison, flex.
* Fri Jan 13 2012 Fedora Release Engineering - 0.7.3-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Adam Jackson - 0.7.3-39
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643454 - CVE-2010-3843 ettercap: insecure global settings file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=643454
[ 2 ] Bug #783675 - Segfault in curses interface
https://bugzilla.redhat.com/show_bug.cgi?id=783675
[ 3 ] Bug #659903 - Segmentation Fault on ettercap
https://bugzilla.redhat.com/show_bug.cgi?id=659903
[ 4 ] Bug #785562 - ettercap 0.7.4-2 not built with $RPM_OPT_FLAGS
https://bugzilla.redhat.com/show_bug.cgi?id=785562
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ettercap' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1066
2012-01-31 21:18:15
--------------------------------------------------------------------------------
Name : ettercap
Product : Fedora 15
Version : 0.7.4
Release : 3.fc15
URL : http://ettercap.sourceforge.net
Summary : Network traffic sniffer/analyser, NCURSES interface version
Description :
Ettercap is a suite for man in the middle attacks on LAN. It features
sniffing of live connections, content filtering on the fly and many other
interesting tricks. It supports active and passive dissection of many
protocols (even ciphered ones) and includes many features for network and host
analysis.
This package contains the NCURSES version.
--------------------------------------------------------------------------------
Update Information:
New upstream, and patch for insecure global settings file.
Restored RPM_OPT_FLAGS to build.
New upstream, and patch for insecure global settings file.
New upstream, and patch for insecure global settings file.
New upstream, and patch for insecure global settings file.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 30 2012 Jon Ciesla - 0.7.4-3
- RPM_OPT_FLAGS fix, BZ 785562.
* Thu Jan 26 2012 Jon Ciesla - 0.7.4-2
- Patch for CVE-2010-3843.
* Thu Jan 26 2012 Jon Ciesla - 0.7.4-1
- New upstream. Now BRs bison, flex.
* Fri Jan 13 2012 Fedora Release Engineering - 0.7.3-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Adam Jackson - 0.7.3-39
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643454 - CVE-2010-3843 ettercap: insecure global settings file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=643454
[ 2 ] Bug #783675 - Segfault in curses interface
https://bugzilla.redhat.com/show_bug.cgi?id=783675
[ 3 ] Bug #659903 - Segmentation Fault on ettercap
https://bugzilla.redhat.com/show_bug.cgi?id=659903
[ 4 ] Bug #785562 - ettercap 0.7.4-2 not built with $RPM_OPT_FLAGS
https://bugzilla.redhat.com/show_bug.cgi?id=785562
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ettercap' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce