Test Kennung:	1.3.6.1.4.1.25623.1.0.51374
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2004:881
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2004:881. rsync[1] is a program used mainly to mirror files between remote sites. rsync before 2.6.1 does not properly sanitize paths[2] when running a read and write daemon without using chroot. This could allow a remote attacker to write files outside of the rsync directory, depending on rsync's daemon privileges. Also, rsync prior to version 2.6.3 has another path sanitization vulnerability[3]. This issue could allow a remote attacker to read or write files outside of the rsync directory. This vulnerability is only exploitable when an rsync daemon is running and not within a chroot, which is not the default configuration. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://rsync.samba.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:881 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 6.4
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0426 BugTraq ID: 10247 http://www.securityfocus.com/bid/10247 Bugtraq: 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) (Google Search) http://marc.info/?l=bugtraq&m=108515912212018&w=2 Computer Incident Advisory Center Bulletin: O-134 http://www.ciac.org/ciac/bulletins/o-134.shtml Computer Incident Advisory Center Bulletin: O-212 http://www.ciac.org/ciac/bulletins/o-212.shtml Debian Security Information: DSA-499 (Google Search) http://www.debian.org/security/2004/dsa-499 http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A967 http://www.redhat.com/support/errata/RHSA-2004-192.html http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462 http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt XForce ISS Database: rsync-write-files(16014) https://exchange.xforce.ibmcloud.com/vulnerabilities/16014 Common Vulnerability Exposure (CVE) ID: CVE-2004-0792 Bugtraq: 20040816 TSSA-2004-020-ES - rsync (Google Search) http://marc.info/?l=bugtraq&m=109268147522290&w=2 Bugtraq: 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004) (Google Search) http://marc.info/?l=bugtraq&m=109277141223839&w=2 Debian Security Information: DSA-538 (Google Search) http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561 SuSE Security Announcement: SUSE-SA:2004:026 (Google Search) http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.