(RHSA-2004:373) gnome-vfs security update

2004-08-0400:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

83.9%

JSON

GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support for file
systems, HTTP, FTP, and others. The extfs backends make it possible to
implement file systems for GNOME VFS using scripts.

Flaws have been found in several of the GNOME VFS extfs backend scripts.
Red Hat Enterprise Linux ships with vulnerable scripts, but they are not
used by default. An attacker who is able to influence a user to open a
specially-crafted URI using gnome-vfs could perform actions as that user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0494 to this issue.

Users of Red Hat Enterprise Linux should upgrade to these updated packages,
which remove these unused scripts.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386gnome-vfs2-devel< 2.2.5-2E.1gnome-vfs2-devel-2.2.5-2E.1.i386.rpm
RedHatanyx86_64gnome-vfs2-devel< 2.2.5-2E.1gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm
RedHatanyppcgnome-vfs2-devel< 2.2.5-2E.1gnome-vfs2-devel-2.2.5-2E.1.ppc.rpm
RedHatanyppcgnome-vfs2< 2.2.5-2E.1gnome-vfs2-2.2.5-2E.1.ppc.rpm
RedHatanyia64gnome-vfs2-devel< 2.2.5-2E.1gnome-vfs2-devel-2.2.5-2E.1.ia64.rpm
RedHatanyx86_64gnome-vfs2< 2.2.5-2E.1gnome-vfs2-2.2.5-2E.1.x86_64.rpm
RedHatanys390gnome-vfs2-devel< 2.2.5-2E.1gnome-vfs2-devel-2.2.5-2E.1.s390.rpm
RedHatanys390xgnome-vfs2< 2.2.5-2E.1gnome-vfs2-2.2.5-2E.1.s390x.rpm
RedHatanyia64gnome-vfs-devel< 1.0.1-18.1gnome-vfs-devel-1.0.1-18.1.ia64.rpm
RedHatanyi386gnome-vfs< 1.0.1-18.1gnome-vfs-1.0.1-18.1.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	i386	gnome-vfs2-devel	< 2.2.5-2E.1	gnome-vfs2-devel-2.2.5-2E.1.i386.rpm
RedHat	any	x86_64	gnome-vfs2-devel	< 2.2.5-2E.1	gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm
RedHat	any	ppc	gnome-vfs2-devel	< 2.2.5-2E.1	gnome-vfs2-devel-2.2.5-2E.1.ppc.rpm
RedHat	any	ppc	gnome-vfs2	< 2.2.5-2E.1	gnome-vfs2-2.2.5-2E.1.ppc.rpm
RedHat	any	ia64	gnome-vfs2-devel	< 2.2.5-2E.1	gnome-vfs2-devel-2.2.5-2E.1.ia64.rpm
RedHat	any	x86_64	gnome-vfs2	< 2.2.5-2E.1	gnome-vfs2-2.2.5-2E.1.x86_64.rpm
RedHat	any	s390	gnome-vfs2-devel	< 2.2.5-2E.1	gnome-vfs2-devel-2.2.5-2E.1.s390.rpm
RedHat	any	s390x	gnome-vfs2	< 2.2.5-2E.1	gnome-vfs2-2.2.5-2E.1.s390x.rpm
RedHat	any	ia64	gnome-vfs-devel	< 1.0.1-18.1	gnome-vfs-devel-1.0.1-18.1.ia64.rpm
RedHat	any	i386	gnome-vfs	< 1.0.1-18.1	gnome-vfs-1.0.1-18.1.i386.rpm