Vulnerability BDU:2023-01948: Information

Description

Уязвимость automount-демона браузеров Tor, Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

URL: https://bdu.fstec.ru/vul/2023-01948
Published: Oct. 26, 2017
Modified: Oct. 26, 2017
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus62.0.3-alt1126.0.1-alt1ALT-PU-2018-2423-1214118Fixed
firefoxp1062.0.3-alt1118.0.2-alt0.p10.1ALT-PU-2018-2423-1214118Fixed
firefoxp962.0.3-alt1105.0.1-alt0.c9.1ALT-PU-2018-2423-1214118Fixed
firefoxp862.0.3-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2018-2479-1214248Fixed
firefoxc10f162.0.3-alt1112.0.2-alt0.p10.1ALT-PU-2018-2423-1214118Fixed
firefoxc9f262.0.3-alt1105.0.1-alt0.c9.1ALT-PU-2018-2423-1214118Fixed
firefoxc760.6.1-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-1726-1218597Fixed
firefoxp1162.0.3-alt1126.0.1-alt1ALT-PU-2018-2423-1214118Fixed
firefox-esrsisyphus60.2.0-alt1115.11.0-alt1ALT-PU-2018-2304-1212803Fixed
firefox-esrp1060.2.0-alt1115.11.0-alt1ALT-PU-2018-2304-1212803Fixed
firefox-esrp960.2.0-alt1102.11.0-alt0.c9.1ALT-PU-2018-2304-1212803Fixed
firefox-esrp860.2.0-alt0.M80P.168.4.1-alt0.M80P.1ALT-PU-2018-2343-1212912Fixed
firefox-esrc10f160.2.0-alt1115.9.1-alt0.c10.1ALT-PU-2018-2304-1212803Fixed
firefox-esrc9f260.2.0-alt1102.12.0-alt0.c9.1ALT-PU-2018-2304-1212803Fixed
firefox-esrp1160.2.0-alt1115.11.0-alt1ALT-PU-2018-2304-1212803Fixed
thunderbirdsisyphus60.3.0-alt1115.9.0-alt1ALT-PU-2018-2669-1210777Fixed
thunderbirdp1060.3.0-alt1115.9.0-alt1ALT-PU-2018-2669-1210777Fixed
thunderbirdp960.3.0-alt1102.11.0-alt0.c9.1ALT-PU-2018-2669-1210777Fixed
thunderbirdp860.7.2-alt0.M80P.160.8.0-alt0.M80P.1ALT-PU-2019-2196-1216874Fixed
thunderbirdc10f160.3.0-alt1115.9.0-alt0.c10.1ALT-PU-2018-2669-1210777Fixed
thunderbirdc9f260.3.0-alt1102.11.0-alt0.c9.1ALT-PU-2018-2669-1210777Fixed
thunderbirdc760.8.0-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-2345-1234994Fixed
thunderbirdp1160.3.0-alt1115.9.0-alt1ALT-PU-2018-2669-1210777Fixed

References to Advisories, Solutions, and Tools

Vulnerability Status
Подтверждена производителем
Presence of an exploit
Существует в открытом доступе
Fix status
Уязвимость устранена
Software Type
Операционная система, Прикладное ПО информационных систем, Сетевое средство, Сетевое программное средство
Solution
Использование рекомендаций:
Для Tor:
https://blog.torproject.org/tor-browser-709-released/
https://trac.torproject.org/projects/tor/ticket/24052

Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2017-16541

Для программных продуктов Mozilla Corp.:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/

Для Альт Линукс:
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-31072019.html

Для Debian GNU/Linux:
https://www.debian.org/security/2018/dsa-4327
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2017-16541.html
Sources
https://access.redhat.com/security/cve/cve-2017-16541
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-31072019.html
https://safe-surf.ru/specialists/base-vulnerabilities/619388/
https://www.debian.org/security/2018/dsa-4327
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
https://www.suse.com/security/cve/CVE-2017-16541.html
Other system identifiers
CVE-2017-16541
MFSA 2018-21
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top