[DONE] wml://{security/2007/dsa-1271.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2007/dsa-1271.wml 2017-11-01 10:11:09.703803791 +0500
+++ russian/security/2007/dsa-1271.wml 2018-02-27 12:13:10.326512249 +0500
@@ -1,43 +1,44 @@
- -<define-tag description>design error</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>оÑ?ибка пÑ?оекÑ?иÑ?ованиÑ?</define-tag>
<define-tag moreinfo>
- -<p>A design error has been identified in the OpenAFS, a cross-platform
- -distributed filesystem included with Debian.</p>
+<p>Ð? OpenAFS, кÑ?оÑ?Ñ?плаÑ?Ñ?оÑ?менной Ñ?аÑ?пÑ?еделÑ?нной Ñ?айловой Ñ?иÑ?Ñ?еме, вÑ?одÑ?Ñ?ей в Ñ?оÑ?Ñ?ав
+Debian, бÑ?ла обнаÑ?Ñ?жена оÑ?ибка пÑ?оекÑ?иÑ?ованиÑ?.</p>
- -<p>OpenAFS historically has enabled setuid filesystem support for the local
- -cell. However, with its existing protocol, OpenAFS can only use
- -encryption, and therefore integrity protection, if the user is
- -authenticated. Unauthenticated access doesn't do integrity protection.
- -The practical result is that it's possible for an attacker with
- -knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary
- -binary file appear to an AFS client host to be setuid. If they can then
- -arrange for that binary to be executed, they will be able to achieve
- -privilege escalation.</p>
- -
- -<p>OpenAFS 1.3.81-3sarge2 changes the default behavior to disable setuid
- -files globally, including the local cell. It is important to note that
- -this change will not take effect until the AFS kernel module, built from
- -the openafs-modules-source package, is rebuilt and loaded into your
- -kernel. As a temporary workaround until the kernel module can be
- -reloaded, setuid support can be manually disabled for the local cell by
- -running the following command as root</p>
+<p>Ð?Ñ?Ñ?оÑ?иÑ?еÑ?ки в OpenAFS бÑ?ла вклÑ?Ñ?ена поддеÑ?жка setuid длÑ? локалÑ?ной
+Ñ?Ñ?ейки. Тем не менее, Ñ? Ñ?Ñ?Ñ?еÑ?Ñ?вÑ?Ñ?Ñ?им пÑ?оÑ?околом Ñ?айловаÑ? Ñ?иÑ?Ñ?ема OpenAFS
+можеÑ? лиÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?иÑ?Ñ?ование и заÑ?иÑ?Ñ? Ñ?елоÑ?Ñ?ноÑ?Ñ?и в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли полÑ?зоваÑ?елÑ?
+аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ован. Ð?еаÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?й доÑ?Ñ?Ñ?п не пÑ?едполагаеÑ? заÑ?иÑ?Ñ? Ñ?елоÑ?Ñ?ноÑ?Ñ?и даннÑ?Ñ?.
+Ð? иÑ?оге злоÑ?мÑ?Ñ?ленник, обладаÑ?Ñ?ий знаниÑ?ми AFS, можеÑ? подделаÑ?Ñ? AFS-вÑ?зов
+FetchStatus и Ñ?делаÑ?Ñ? Ñ?ак, Ñ?Ñ?обÑ? пÑ?оизволÑ?нÑ?й двоиÑ?нÑ?й Ñ?айл на клиенÑ?Ñ?ком AFS-Ñ?зле
+имел Ñ?лаг setuid. Ð?Ñ?ли заÑ?ем злоÑ?мÑ?Ñ?ленник можеÑ? Ñ?делаÑ?Ñ? Ñ?ак, Ñ?Ñ?обÑ? Ñ?Ñ?оÑ? Ñ?айл
+бÑ?л вÑ?полнен, Ñ?о он можеÑ? повÑ?Ñ?иÑ?Ñ? Ñ?вои пÑ?ивилегии
+в Ñ?иÑ?Ñ?еме.</p>
+
+<p>Ð? OpenAFS веÑ?Ñ?ии 1.3.81-3sarge2 пÑ?оизведенÑ? изменениÑ? поведениÑ? по Ñ?молÑ?аниÑ?. ТепеÑ?Ñ?
+Ñ?айлÑ? setuid оÑ?клÑ?Ñ?енÑ? глобалÑ?но, вклÑ?Ñ?аÑ? и локалÑ?нÑ?Ñ? Ñ?Ñ?ейкÑ?. Ð?ажно оÑ?меÑ?иÑ?Ñ?, Ñ?Ñ?о
+данное изменение не бÑ?деÑ? пÑ?именено до Ñ?еÑ? поÑ?, пока AFS-модÑ?лÑ? Ñ?дÑ?а, Ñ?обÑ?аннÑ?й из
+пакеÑ?а openafs-modules-source, не бÑ?деÑ? Ñ?обÑ?ан и загÑ?Ñ?жен заново в ваÑ?е
+Ñ?дÑ?о. Ð? каÑ?еÑ?Ñ?ве вÑ?еменного Ñ?еÑ?ениÑ? Ñ?казанной пÑ?облемÑ? до моменÑ?а пеÑ?езагÑ?Ñ?зки модÑ?лÑ?
+Ñ?дÑ?а поддеÑ?жкÑ? setuid длÑ? локалÑ?ной Ñ?Ñ?ейки можно оÑ?клÑ?Ñ?иÑ?Ñ? вÑ?Ñ?Ñ?нÑ?Ñ?,
+вÑ?полнив Ñ?ледÑ?Ñ?Ñ?Ñ?Ñ? командÑ? оÑ? лиÑ?а Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?</p>
<p><kbd>fs setcell -cell <localcell> -nosuid</kbd></p>
- -<p>Following the application of this update, if you are certain there is
- -no security risk of an attacker forging AFS fileserver responses, you
- -can re-enable setuid status selectively with the following command,
- -however this should not be done on sites that are visible to the
- -Internet</p>
+<p>Ð?Ñ?ли вÑ? Ñ?веÑ?енÑ?, Ñ?Ñ?о поÑ?ле пÑ?именениÑ? данного обновлениÑ? длÑ? ваÑ? оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?
+Ñ?иÑ?к Ñ?ого, Ñ?Ñ?о злоÑ?мÑ?Ñ?ленник подделаеÑ? оÑ?веÑ?Ñ? Ñ?айлового Ñ?еÑ?веÑ?а AFS, Ñ?о вÑ?
+можеÑ?е вÑ?боÑ?оÑ?но вклÑ?Ñ?иÑ?Ñ? setuid-Ñ?Ñ?аÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? Ñ?казанной ниже командÑ?, но
+Ñ?Ñ?ого не Ñ?ледÑ?еÑ? делаÑ?Ñ? на маÑ?инаÑ?, видимÑ?Ñ? в Ñ?еÑ?и
+Ð?нÑ?еÑ?неÑ?</p>
<p><kbd>fs setcell -cell <localcell> -suid</kbd></p>
- -<p>For the stable distribution (sarge), this problem has been fixed in
- -version 1.3.81-3sarge2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sarge) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.3.81-3sarge2.</p>
- -<p>For the unstable distribution (sid) and the upcoming stable
- -distribution (etch), this problem will be fixed in version 1.4.2-6.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном (sid) и гоÑ?овÑ?Ñ?емÑ?Ñ? Ñ?Ñ?абилÑ?ном (etch) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена в веÑ?Ñ?ии 1.4.2-6.</p>
- -<p>We recommend that you upgrade your openafs package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? openafs.</p>
</define-tag>
# do not modify the following line
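Review bot: the added Russian lines, from the `<define-tag description>` line through every translated `<p>` body, arrive with their Cyrillic text mangled into `Ñ?` and `Ð?` sequences. As shown, the translation can be neither checked against the removed English paragraphs nor applied. Please resend with the charset declared as UTF-8, or attach the .wml file. Because the message is clearsigned, any re-encoding in transit also changes the signed bytes, so the signature would no longer vouch for what reviewers see. Separately, the two unchanged `<kbd>` lines show a bare `<localcell>` placeholder. Confirm the file itself carries it as `&lt;localcell&gt;`, otherwise the rendered workaround reads `fs setcell -cell -nosuid` with no cell argument.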
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----