Oracle Solaris Third-Party Patch Update : gnome (cve_2007_4460_symlink_attack)

high Nessus Plugin ID 80625

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates:

- The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. (CVE-2007-4460)

- poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an 'invalid memory access' in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. (CVE-2013-1788)

- splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. (CVE-2013-1789)

- poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. (CVE-2013-1790)

Solution

Upgrade to Solaris 11.1.10.5.0.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?970742a4

http://www.nessus.org/u?b9b3af73

Plugin Details

Severity: High

ID: 80625

File Name: solaris11_gnome_20130924.nasl

Version: 1.3

Type: local

Published: 1/19/2015

Updated: 1/14/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.1, p-cpe:/a:oracle:solaris:gnome

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 9/24/2013

Reference Information

CVE: CVE-2007-4460, CVE-2013-1788, CVE-2013-1789, CVE-2013-1790