CERTA-2004-AVI-221
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans GNATS permettent à un utilisateur mal intentionné d'élever ses privilèges.
Description
GNATS est un outil de gestion de rapports de défauts (bug report).
Plusieurs débordements de mémoire dans GNATS permettent à un utilisateur
mal intentionné d'élever ses privilèges et d'obtenir ceux du
super-utilisateur root.
Contournement provisoire
Enlever le drapeau setuid des binaires GNATS (cela peut entraîner des limitations).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GNATS version 3.113.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "GNATS version 3.113 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "GNATS version 3.2.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "GNATS version 3.002 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nGNATS est un outil de gestion de rapports de d\u00e9fauts (bug report). \nPlusieurs d\u00e9bordements de m\u00e9moire dans GNATS permettent \u00e0 un utilisateur\nmal intentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges et d\u0027obtenir ceux du\nsuper-utilisateur root.\n\n## Contournement provisoire\n\nEnlever le drapeau setuid des binaires GNATS (cela peut entra\u00eener des\nlimitations).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2004-07-05T00:00:00",
"last_revision_date": "2004-07-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 INetCop :",
"url": "http://x82.inetcop.org/h0me/adv1sor1es/INCSA.2003-0x82-018-GNATS-bt.txt"
},
{
"title": "Site Internet de GNATS :",
"url": "http://www.gnu.org/software/gnats/gnats.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour GNATS du 02 juillet 2004 :",
"url": "http://www.vuxml.org/freebsd/"
}
],
"reference": "CERTA-2004-AVI-221",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-07-05T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans GNATS permettent \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 de GNATS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 INetCop #2003-0x82-018",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…