{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"FreeBSD 5.0, FreeBSD 4.8 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"FreeBSD","scada":false}}},{"description":"Versions de Mac OS X ant\u00e9rieures \u00e0 10.2.6.","product":{"name":"N/A","vendor":{"name":"FreeBSD","scada":false}}},{"description":"OpenBSD 3.3 et versions ant\u00e9rieures ;","product":{"name":"OpenBSD","vendor":{"name":"OpenBSD","scada":false}}},{"description":"NetBSD 1.6.1 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"NetBSD","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire est pr\u00e9sente dans la\nfonction realpath() de la biblioth\u00e8que standard C (libc) sur diff\u00e9rents\nsyst\u00e8mes d'exploitation de souche BSD (FreeBSD, NetBSD, OpenBSD, Mac OS\nX).\n\nCette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e au travers d'applications\nutilisant cette fonction, comme le service ftp (ftpd), pour r\u00e9aliser une\nex\u00e9cution de code arbitraire pouvant entra\u00eener une \u00e9l\u00e9vation de\nprivil\u00e8ges ou un d\u00e9ni de service.\n\n## Solution\n\nAppliquer le correctif de l'\u00e9diteur :\n\n-   Bulletin de s\u00e9curit\u00e9 FreeBSD-SA-03-08 de FreeBSD :\n\n        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc\n\n-   Bulletin de s\u00e9curit\u00e9 NetBSD-SA2003-011 de NetBSD :\n\n        ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc\n\n-   Bulletin de s\u00e9curit\u00e9 d'OpenBSD :\n\n        http://www.openbsd.org/errata.html#realpath\n\n-   Bulletin de s\u00e9curit\u00e9 d'Apple pour Mac OS X Server :\n\n        http://docs.info.apple.com/article.html?artnum=120238\n\n-   Bulletin de s\u00e9curit\u00e9 d'Apple pour Mac OS X Client :\n\n        http://docs.info.apple.com/article.html?artnum=120239\n","cves":[],"links":[],"reference":"CERTA-2003-AVI-134","revisions":[{"description":"version initiale.","revision_date":"2003-08-06T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 d'Apple pour Mac OS X.","revision_date":"2003-08-18T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"D\u00e9ni de service"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 de la fonction realpath pour les syst\u00e8mes BSD","vendor_advisories":[{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 d'OpenBSD","url":null},{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 2003-011 de NetBSD","url":null},{"published_at":null,"title":"Note VU#743092 du CERT/CC","url":"http://www.kb.cert.org/vuls/id/743092"},{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 FreeBSD-SA-03:08 de FreeBSD","url":null}]}