Oracle Solaris Third-Party Patch Update : gnome (cve_2007_4460_symlink_attack)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing the patches that address the
following security issues :

- The RenderV2ToFile function in tag_file.cpp in id3lib
(aka libid3) 3.8.3 allows local users to overwrite
arbitrary files via a symlink attack on a temporary file
whose name is constructed from the name of a file being
tagged. (CVE-2007-4460)

- poppler before 0.22.1 allows context-dependent attackers
to cause a denial of service (crash) and possibly
execute arbitrary code via vectors that trigger an
'invalid memory access' in (1) splash/Splash.cc, (2)
poppler/Function.cc, and (3) poppler/Stream.cc.
(CVE-2013-1788)

- splash/Splash.cc in poppler before 0.22.1 allows
context-dependent attackers to cause a denial of service
(NULL pointer dereference and crash) via vectors related
to the (1) Splash::arbitraryTransformMask, (2)
Splash::blitMask, and (3) Splash::scaleMaskYuXu
functions. (CVE-2013-1789)

- poppler/Stream.cc in poppler before 0.22.1 allows
context-dependent attackers to have an unspecified
impact via vectors that trigger a read of uninitialized
memory by the CCITTFaxStream::lookChar function.
(CVE-2013-1790)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?67e14e4c
http://www.nessus.org/u?e71b3f9a

Solution :

Upgrade to Solaris 11.1.10.5.0.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80625

CVE ID: CVE-2007-4460
CVE-2013-1788
CVE-2013-1789
CVE-2013-1790
