| Test ID: | 1.3.6.1.4.1.25623.1.0.51008 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2003:289 |
| Summary: | Redhat Security Advisory RHSA-2003:289 |
| Description: | The remote host is missing updates announced in advisory RHSA-2003:289. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries in XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0730 to this issue. The risk to users from this vulnerability is limited because only clients can be affected by these bugs; however, in some (non-default) configurations, both xfs and the X Server can act as clients to remote font servers. XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0690 to this issue. Users are advised to upgrade to these updated XFree86 4.1.0 packages, which contain backported security patches and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date (see http://rhn.redhat.com/errata/RHSA-2003-289.html). Risk factor: Critical |
| Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0690
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
Bugtraq: 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities http://marc.theaimsgroup.com/?l=bugtraq&m=106374551513499&w=2
Debian Security Information: DSA-388 http://www.debian.org/security/2003/dsa-388
Debian Security Information: DSA-443 http://www.debian.org/security/2004/dsa-443
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
http://www.redhat.com/support/errata/RHSA-2003-270.html
http://www.redhat.com/support/errata/RHSA-2003-286.html
http://www.redhat.com/support/errata/RHSA-2003-289.html
Conectiva Linux advisory: CLA-2003:747 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
http://www.redhat.com/support/errata/RHSA-2003-287.html
http://www.redhat.com/support/errata/RHSA-2003-288.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:193
Common Vulnerability Exposure (CVE) ID: CVE-2003-0730
Bugtraq: 20030830 Multiple integer overflows in XFree86 (local/remote) http://marc.theaimsgroup.com/?l=bugtraq&m=106229335312429&w=2
Conectiva Linux advisory: CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Debian Security Information: DSA-380 http://www.debian.org/security/2003/dsa-380
http://www.mandriva.com/security/advisories?name=MDKSA-2003:089
NETBSD Security Advisory: NetBSD-SA2003-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc
SGI Security Advisory: 20031101-01-U ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
BugTraq ID: 8514 http://www.securityfocus.com/bid/8514
http://www.vupen.com/english/advisories/2007/0589
http://secunia.com/advisories/24168
http://secunia.com/advisories/24247 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |