• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Gnome VFS 'extfs' Scripts Undisclosed Vulnerability

Solution:
RedHat has released a Fedora Legacy advisory FLSA:1944 along with fixes for RedHat Linux. Please see the referenced advisory for more information.

RedHat has released two advisories (FEDORA-2004-272, FEDORA-2004-273) to address this issue in Fedora Core 1 and Fedora Core 2. Please see the referenced advisories for more information.

RedHat has released advisory RHSA-2004:373-13 and fixes to resolve this issue. Please see the referenced advisory for further information.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to remove Gnome packages from their server or apply patches supplied by the Operating System vendor. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198525&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:

Patch 10095 is available from http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

The individual RPMs from Patch 10095 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SuSE Linux has released fixes for this issue.

Fedora Core 3 advisory FEDORA-2004-514 including an updated version of Midnight Commander is available to address this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:464-09 to address this issue in Midnight Commander for Red Hat Enterprise Linux. Please see the advisory in Web references for more information.


RedHat Linux 7.3 i386

• RedHat gnome-vfs-1.0.5-4.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-1.0 .5-4.1.legacy.i386.rpm


• RedHat gnome-vfs-devel-1.0.5-4.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-dev el-1.0.5-4.1.legacy.i386.rpm

RedHat Linux 9.0 i386

• RedHat gnome-vfs-1.0.5-13.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-1.0.5 -13.1.legacy.i386.rpm


• RedHat gnome-vfs-devel-1.0.5-13.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-devel -1.0.5-13.1.legacy.i386.rpm


• RedHat gnome-vfs2-2.2.2-4.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-2.2. 2-4.1.legacy.i386.rpm


• RedHat gnome-vfs2-devel-2.2.2-4.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-deve l-2.2.2-4.1.legacy.i386.rpm

S.u.S.E. Linux Personal 9.2

• SuSE gnome-vfs-1.0.5-808.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gnome-vfs-1.0.5-8 08.2.i586.rpm


• SuSE gnome-vfs2-2.6.1-38.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gnome-vfs2-2.6.1- 38.2.i586.rpm


• SuSE gnome-vfs2-doc-2.6.1-38.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gnome-vfs2-doc-2. 6.1-38.2.i586.rpm