English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-13
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 31 Jan 2005
 Last revised: 22 Feb 2005

 Package: netatalk

 Summary: Symlink attack may allow arbitrary file overwriting

 More information:
    Netatalk is an implementation of the AppleTalk Protocol Suite for
    Unix/Linux systems.

    A vulnerability in the manner in which netatalk handles temporary files
    could allow local users to overwrite arbitrary files via a symlink attack.

 Impact:
    This vulerability may allow local users to overwrite arbitrary files
    via a symbolic link attack.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update netatalk netatalk-devel
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   netatalk-1.5.3.1-9.src.rpm
       609552 78f0195e98da6aa3099b52819f394e8c

   Binary Packages
   Size: MD5

   netatalk-1.5.3.1-9.i586.rpm
       332397 06e4b6efe05ab2602900f1e67183b3a7

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   netatalk-1.6.4-12.src.rpm
       739387 719d6ce58a4c8fb269d16596dd592b71

   Binary Packages
   Size: MD5

   netatalk-1.6.4-12.i586.rpm
       357514 c7b778e198cb37c98df37e88de01fa59
   netatalk-devel-1.6.4-12.i586.rpm
        75926 e3831d80494c4c4addca5d687de8d3d1

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/netatalk-1.6.4-12.src.rpm
       739387 d0b8b6db55bb0f02259177cdc842239f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/netatalk-1.6.4-12.i586.rpm
       373863 70fea31008c80d04921f941211c5007c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/netatalk-debug-1.6.4-12.i586.rpm
      1117197 1cceeeed067dd935dbb9bce22c7863ec
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/netatalk-devel-1.6.4-12.i586.rpm
        76831 a9ebfaf3c7f4d21c1006a3417378be6f

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/netatalk-1.5.3.1-8.src.rpm
       609435 a726fbcd1b151575be7762b9d4f3a5b3

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netatalk-1.5.3.1-8.i586.rpm
       340525 106a4b43bc89dc325033022d5ebc0f2a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netatalk-devel-1.5.3.1-8.i586.rpm
        62778 2b33a74da3352f77dc816274fa7588e3

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/netatalk-1.5.2-2.src.rpm
       800817 96e0841dec8ac28cc112f1f02a9b73c9

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netatalk-1.5.2-2.i586.rpm
       339704 4ef7cf4ef7389c50fd41b3d6b2eb4a71
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netatalk-devel-1.5.2-2.i586.rpm
        62028 726a249c7ed0b406c9f7f99d92f7ce46

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/netatalk-1.5pre8-2.src.rpm
       599952 1dcba6ce5a384d518709de4eebf2eb9e

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netatalk-1.5pre8-2.i586.rpm
       318838 39f32dfebab4392d0b1582087b8a5c5e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netatalk-devel-1.5pre8-2.i586.rpm
        61317 2751e06623a991603af22eae009b7a74

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/netatalk-1.5pre8-2.src.rpm
       599952 623f4495a73c09079f6fdabae52b3c0f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netatalk-1.5pre8-2.i586.rpm
       318685 ca6c8f5e41a414af8f570cdead4f73f0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netatalk-devel-1.5pre8-2.i586.rpm
        61420 5a9329c07ccde291d40d1979be6eefe7


 References:

 CVE
   [CAN-2004-0974]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0974

 --------------------------------------------------------------------------
 Revision History
    31 Jan 2005 Initial release
    22 Feb 2005 Added Turbolinux Appliance Server 1.0 Hosting Edition,
                      Turbolinux Appliance Server 1.0 Workgroup Edition,
                      Turbolinux 10 Server
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCGtB8K0LzjOqIJMwRAiiQAJ4x7HuWzeyt/Qv0SDjJ3jXOXTsBlwCdFwM0
ew5rWhGSVC/hcbTsnk707RI=
=Curj
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.