exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-245

Mandriva Linux Security Advisory 2009-245
Posted Sep 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-245 - The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. This update provides a solution to this vulnerability.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2009-3289
SHA-256 | b7303f77179201e87765e107657cd61646d6660cc3ab11a9bd0f445dc8c4fed0

Mandriva Linux Security Advisory 2009-245

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:245
http://www.mandriva.com/security/
_______________________________________________________________________

Package : glib2.0
Date : September 24, 2009
Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in glib2.0:

The g_file_copy function in glib 2.0 sets the permissions of a
target file to the permissions of a symbolic link (777), which
allows user-assisted local users to modify files of other users,
as demonstrated by using Nautilus to modify the permissions of the
user home directory (CVE-2009-3289).

This update provides a solution to this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
ae1c20e8d9112331477f1431f47158e2 2008.1/i586/glib2.0-common-2.16.2-1.2mdv2008.1.i586.rpm
fd14fb35d8a7b26ee2cae61e21136c06 2008.1/i586/glib-gettextize-2.16.2-1.2mdv2008.1.i586.rpm
84b497096a9a71555d3fd8d1f712c879 2008.1/i586/libgio2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
de7c95da4c50e889da9c78941e3970ee 2008.1/i586/libglib2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
2361590b32522048bcc190ea009eb419 2008.1/i586/libglib2.0-devel-2.16.2-1.2mdv2008.1.i586.rpm
d184482ba568dccf84035c5b93755c49 2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
907f731ab0bfbd5b4ddea8b52a401be3 2008.1/x86_64/glib2.0-common-2.16.2-1.2mdv2008.1.x86_64.rpm
c974d23646c611b4e0414da1236540ec 2008.1/x86_64/glib-gettextize-2.16.2-1.2mdv2008.1.x86_64.rpm
0192faa9b22c4a8e720683dd355b6711 2008.1/x86_64/lib64gio2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
a3ef3597c55b264cddfab163248ad8a9 2008.1/x86_64/lib64glib2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
892df1175f288fa14100aad9d6bce63d 2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.2mdv2008.1.x86_64.rpm
d184482ba568dccf84035c5b93755c49 2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
2133c89664c7d752644230af6f28d397 2009.0/i586/glib2.0-common-2.18.1-1.2mdv2009.0.i586.rpm
58ef4dd4f636f35314f633a8249328c4 2009.0/i586/glib-gettextize-2.18.1-1.2mdv2009.0.i586.rpm
194d89e8844e1dc2e80bcb27a05bfcaa 2009.0/i586/libgio2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
c5f6d66e26ffa64cb35418c2daf5d090 2009.0/i586/libglib2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
bfd7c4003ef1ad91c137eefd55f35047 2009.0/i586/libglib2.0-devel-2.18.1-1.2mdv2009.0.i586.rpm
37955dd7418fb7822cbdb7098cf2ea39 2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
2f1a001b5e54002a72b16cfd8fad3822 2009.0/x86_64/glib2.0-common-2.18.1-1.2mdv2009.0.x86_64.rpm
042458c3417c73c3ba76b6a93de5988d 2009.0/x86_64/glib-gettextize-2.18.1-1.2mdv2009.0.x86_64.rpm
529cd61cc5d548a6e19465fdaa1ce65f 2009.0/x86_64/lib64gio2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
acbcba01934b850ae7aa699821fb5e65 2009.0/x86_64/lib64glib2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
f72882f0dba8a21683ca131b64dd084e 2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.2mdv2009.0.x86_64.rpm
37955dd7418fb7822cbdb7098cf2ea39 2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
62fcdba32560bae021c1aaee8f893135 2009.1/i586/glib2.0-common-2.20.1-1.1mdv2009.1.i586.rpm
ef882c5f43b25c925cefcd4d0a003871 2009.1/i586/glib-gettextize-2.20.1-1.1mdv2009.1.i586.rpm
979d21c7ca8eef8bc81ab2588e899d0c 2009.1/i586/libgio2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
67cd61d9d06b4a19c3c4d5377dfadf01 2009.1/i586/libglib2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
96c2b24ac048e13cf93c61c73ac9bbcf 2009.1/i586/libglib2.0-devel-2.20.1-1.1mdv2009.1.i586.rpm
8f909b3e5122784881a84ea94cf0443d 2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
637690f302da59aa5a13470898281056 2009.1/x86_64/glib2.0-common-2.20.1-1.1mdv2009.1.x86_64.rpm
ed01dca71724f9a299964f6edf59c86b 2009.1/x86_64/glib-gettextize-2.20.1-1.1mdv2009.1.x86_64.rpm
2a3ddb7c73e78abd6bd15fd7c829d971 2009.1/x86_64/lib64gio2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
a44e47d08bdca6e674914df2262f6c77 2009.1/x86_64/lib64glib2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
7ad51363e921eed94a0a1710a3cabdcd 2009.1/x86_64/lib64glib2.0-devel-2.20.1-1.1mdv2009.1.x86_64.rpm
8f909b3e5122784881a84ea94cf0443d 2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

Mandriva Enterprise Server 5:
01450569f510200a6a18e0b11a5360e2 mes5/i586/glib2.0-common-2.18.1-1.2mdvmes5.i586.rpm
f72db45f7da3fbfde0e42ee38fa131ea mes5/i586/glib-gettextize-2.18.1-1.2mdvmes5.i586.rpm
93e7fd1becd3a58b7accd21b4fe47691 mes5/i586/libgio2.0_0-2.18.1-1.2mdvmes5.i586.rpm
fe0b723bb741cd748b3763300e06525f mes5/i586/libglib2.0_0-2.18.1-1.2mdvmes5.i586.rpm
1918d153e32f3817079cfd55eabbc45d mes5/i586/libglib2.0-devel-2.18.1-1.2mdvmes5.i586.rpm
429eb4dc41a60f541dc25d3a58b5a16a mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
ff56e85b39fbc52791cbbaccda8da9ad mes5/x86_64/glib2.0-common-2.18.1-1.2mdvmes5.x86_64.rpm
3b4dbdd21a6b278b58d18f4653139913 mes5/x86_64/glib-gettextize-2.18.1-1.2mdvmes5.x86_64.rpm
406d2832060188af668adee3e20d361a mes5/x86_64/lib64gio2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
824900021d2e4cff1075f8810a398aa5 mes5/x86_64/lib64glib2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
ce39c721b0d676865af49afd8acf2154 mes5/x86_64/lib64glib2.0-devel-2.18.1-1.2mdvmes5.x86_64.rpm
429eb4dc41a60f541dc25d3a58b5a16a mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKu0thmqjQ0CJFipgRAsTcAKCZ1SX8iSD9PaX0xiD1dBHb9BU2BgCg2VZS
a+AVv7uHtHqlcEuzMoRta0A=
=DG/m
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close