SuSE XScreenSaver Multiple Security Vulnerabilities

Release date: 2003-11-28
Updated: 2006-06-06

Affected systems:
Jamie Zawinski XScreenSaver <= 4.15
Description:
BUGTRAQ  ID: 9125
CVE(CAN) ID: CVE-2003-1294

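SuSE is an open-source Linux operating system.

The xscreensaver shipped with SuSE contains multiple vulnerabilities that allow a local attacker to cause a denial of service or possibly escalate privileges.

xscreensaver mishandles the checking of authentication information, which can crash the screen saver program. In addition, xscreensaver creates temporary files in an insecure manner while handling authentication, which can lead to corruption of local system files.

<*Source: SuSE advisory

  Links: http://secunia.com/advisories/20224/print/
         http://lwn.net/Alerts/184909
*>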

Recommendations:
Vendor patches:

RedHat
------
RedHat has released a security advisory (RHSA-2006:0498-01) and corresponding patches for this issue:
RHSA-2006:0498-01: Moderate: xscreensaver security update
Link: http://lwn.net/Alerts/184909

Patch downloads:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

i386:
3f48fa1db2d0c4224dd968a3a4a10033  xscreensaver-3.33-4.rhel21.3.i386.rpm

ia64:
dfe54c3a32cc18cd4cdf4ccfe073cba0  xscreensaver-3.33-4.rhel21.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

ia64:
dfe54c3a32cc18cd4cdf4ccfe073cba0  xscreensaver-3.33-4.rhel21.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

i386:
3f48fa1db2d0c4224dd968a3a4a10033  xscreensaver-3.33-4.rhel21.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

i386:
3f48fa1db2d0c4224dd968a3a4a10033  xscreensaver-3.33-4.rhel21.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xscreensaver-4.10-20.src.rpm
aeb44a2230e0891747e7c678e165c2b0  xscreensaver-4.10-20.src.rpm

i386:
32064f1c5108a2fc8d440099113a915f  xscreensaver-4.10-20.i386.rpm
c3c5cbe5a9f4dc689ba1cc8168dfda10  xscreensaver-debuginfo-4.10-20.i386.rpm

ia64:
ac46f647bd7930f3dcf10b74d4f8f9ec  xscreensaver-4.10-20.ia64.rpm
ebf73db97fdda4f4d65e6897050ca206  xscreensaver-debuginfo-4.10-20.ia64.rpm

ppc:
6023bea1b1145194a72487f7418b9c8b  xscreensaver-4.10-20.ppc.rpm
fcb479f611c9053efd9d845bcdbc7ffe  xscreensaver-debuginfo-4.10-20.ppc.rpm

s390:
0e9f6a02afe107a9b52334eb89c0a0b1  xscreensaver-4.10-20.s390.rpm
26f350733c38fc054ea14b3cf8f08b77  xscreensaver-debuginfo-4.10-20.s390.rpm

s390x:
e48435174e377c0c7b78b2f87c16aab5  xscreensaver-4.10-20.s390x.rpm
7772d366de77b390edd9e3593b1d6d5b  xscreensaver-debuginfo-4.10-20.s390x.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]

Jamie Zawinski
--------------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://www.jwz.org/xscreensaver/download.html

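This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.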