Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes id3lib Insecure Temporary Files Vulnerability

Title : Fedora Security Update Fixes id3lib Insecure Temporary Files Vulnerability
VUPEN ID : VUPEN/ADV-2007-2961
CVE ID : CVE-2007-4460
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-08-27

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security restrictions. This issue is caused by an error in the "RenderV2ToFile()" [tag_file.cpp] function within id3lib that handles temporary files in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable library.

Affected Products

Fedora 7

Solution

Upgrade the affected packages :

e6b3087e4bbf2dfa8dd88f41b6ea9877992e386f id3lib-3.8.3-17.fc7.ppc64.rpm
5dbd4f22a208836933133c1c0fb241c939394dc0 id3lib-debuginfo-3.8.3-17.fc7.ppc64.rpm
6be196648013797251adfeaae6b52720c25f94d4 id3lib-devel-3.8.3-17.fc7.ppc64.rpm
c4cc4c16f97561fae3a5f70330ab7964c1640969 id3lib-3.8.3-17.fc7.i386.rpm
2b5ae4415358b2c59247b264b3b1d1a99cbd2b9a id3lib-devel-3.8.3-17.fc7.i386.rpm
0f2544b47b544b9e8ca54e19c21ed2b2b3a210d4 id3lib-debuginfo-3.8.3-17.fc7.i386.rpm
037f38b2988545ad440c5174a7313c4fec58f0f1 id3lib-debuginfo-3.8.3-17.fc7.x86_64.rpm
ab54ab72585de3a83ef4b7502e04e57dfe6e4ab7 id3lib-3.8.3-17.fc7.x86_64.rpm
e167543feb1561e259edbcc0e49cf63487ed2eb1 id3lib-devel-3.8.3-17.fc7.x86_64.rpm
f836a7b9b33c183fc6009d611c1efd1dee4a0876 id3lib-3.8.3-17.fc7.ppc.rpm
7e2badfdca50550fdf15d0f467d4c5e4843a7e7b id3lib-debuginfo-3.8.3-17.fc7.ppc.rpm
cdfa2d1d118b41d394278f4330a63f7b47bf46ea id3lib-devel-3.8.3-17.fc7.ppc.rpm
3a9864090c09df3d7aa82eeacb6adaff2ec19592 id3lib-3.8.3-17.fc7.src.rpm

References

http://www.vupen.com/english/advisories/2007/2961
https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00358.html

ChangeLog

2007-08-27 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7


  >> 2009-05-12

     

  Microsoft Patched 14
  Office PowerPoint Flaws

 

  >> 2009-04-28

     

  Adobe Reader / Acrobat
  Vulnerabilities Disclosed

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy