Test Kennung:	1.3.6.1.4.1.25623.1.0.51202
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2003:021
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2003:021. Updated packages fix a vulnerability found in the Kerberos FTP client distributed with the Red Hat Linux Advanced Server krb5 packages. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1. For Advanced Workstation 2.1 these packages also fix CVE-2002-1235 as described in RHSA-2002:250 Kerberos is a network authentication system. A problem has been found in the Kerberos FTP client. When retrieving a file with a name beginning with a pipe character, the FTP client will pass the file name to the command shell in a system() call. This could allow a malicious FTP server to write to files outside of the current directory or execute commands as the user running the FTP client. The Kerberos FTP client runs as the default FTP client when the Kerberos package krb5-workstation is installed on a Red Hat Linux Advanced Server distribution. All users of Kerberos are advised to upgrade to these errata packages which contain a backported patch and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-021.html http://www.kb.cert.org/vuls/id/258721 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719527 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0041 http://www.mandriva.com/security/advisories?name=MDKSA-2003:021 http://www.redhat.com/support/errata/RHSA-2003-020.html http://secunia.com/advisories/7979 http://secunia.com/advisories/8114 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html Common Vulnerability Exposure (CVE) ID: CVE-2002-1235 BugTraq ID: 6024 http://www.securityfocus.com/bid/6024 Bugtraq: 20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103539530729206&w=2 Bugtraq: 20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103564944215101&w=2 Bugtraq: 20021027 KRB5-SORCERER2002-10-27 Security Update (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html Bugtraq: 20021027 Re: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103582805330339&w=2 Bugtraq: 20021028 GLSA: krb5 (Google Search) http://marc.info/?l=bugtraq&m=103582517126392&w=2 http://www.cert.org/advisories/CA-2002-29.html CERT/CC vulnerability note: VU#875073 http://www.kb.cert.org/vuls/id/875073 Conectiva Linux advisory: CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534 Debian Security Information: DSA-183 (Google Search) http://www.debian.org/security/2002/dsa-183 Debian Security Information: DSA-184 (Google Search) http://www.debian.org/security/2002/dsa-184 Debian Security Information: DSA-185 (Google Search) http://www.debian.org/security/2002/dsa-185 FreeBSD Security Advisory: FreeBSD-SA-02:40 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php NETBSD Security Advisory: NetBSD-SA2002-026 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc http://www.redhat.com/support/errata/RHSA-2002-242.html http://www.iss.net/security_center/static/10430.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.