Coordinación de Seguridad de la Información - UNAM-CERT -- DGTIC-UNAM

Security Vulnerability UNAM-CERT-2005-499: Debian Update for Mozilla.

Debian released an update for the Mozilla Suite. It fixes several vulnerabilities that can be exploited to manipulate data, bypass certain security restrictions, conduct spoofing attacks, and compromise a user's system.

  • Release date: 20-Oct-2005
  • Last revised: 21-Oct-2005
  • Source:

    Debian Security Notice.
    DSA-866-1 mozilla

  • CVE ID: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 CAN-2005-2871 CAN-2005-2968
  • Risk: Highly critical
  • Vulnerability problem: Remote
  • Vulnerability type: Multiple vulnerabilities

Affected Systems

Debian GNU/Linux 3.1 alias sarge: Mozilla Suite < 1.7.8-1sarge3
Debian GNU/Linux unstable alias sid: Mozilla Suite < 1.7.12-1

  1. Description

    Debian released an update for the Mozilla Suite. It fixes several vulnerabilities that can be exploited by malicious people to manipulate data, bypass certain security restrictions, conduct spoofing attacks, and compromise a user's system.

  2. Impact

    Security Bypass.

    Spoofing.

    Data manipulation.

    System access.

  3. Solution

    Apply the updated packages.

    -- Debian GNU/Linux 3.1 (sarge) --

    Source code:
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.dsc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.diff.gz
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
    Alpha:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_alpha.deb
    AMD64:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_amd64.deb
    ARM:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_arm.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_arm.deb
    Intel IA-32:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_i386.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_i386.deb
    Intel IA-64:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_ia64.deb
    HPPA:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_hppa.deb
    Motorola 680x0:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_m68k.deb
    Big endian MIPS:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mips.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mips.deb
    Little endian MIPS:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mipsel.deb
    PowerPC:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_powerpc.deb
    IBM S/390:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_s390.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_s390.deb
    Sun Sparc:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_sparc.deb

    For the unstable distribution (sid), the problems were fixed in version 1.7.12-1.

  4. Appendices

    More information.

    http://www.debian.org/security/2005/dsa-866
    http://www.seguridad.unam.mx/vulnerabilidadesDB-vulne=4759
    http://www.seguridad.unam.mx/vulnerabilidadesDB-vulne=4776
    http://www.seguridad.unam.mx/vulnerabilidadesDB-vulne=4781

The Coordinación de Seguridad de la Información/UNAM-CERT thanks the following for their support in the preparation or translation and review of this document:

  • Floriberto López Velázquez (flopez at seguridad dot unam dot mx)

UNAM-CERT
UNAM Incident Response Team
Coordinación de Seguridad de la Información

incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47

