Test Kennung:	1.3.6.1.4.1.25623.1.0.51432
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2003:675
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2003:675. ml85p[1] is a printer driver for the Samsung ML-85G and QL85G printer models. iDEFENSE published[2] the following vulnerabilities in some printer related packages, including ml85p: - mtink: this package is not distributed with Conectiva Linux - escputil: the escputil program has a buffer overflow vulnerability in the way it deals with a printer name. Long enough names can be used to execute arbitrary code or crash the program. In Conectiva Linux, escputil is NOT a SGID program, so it is not possible to obtain higher privileges by exploiting this problem, but we are nevertheless including a fix with this update. - ml85p: this is a SUID root program and it creates temporary files in an insecure way, which makes it vulnerable to a race condition exploit. A local attacker could easily guess the name of this file and create a symbolic link to anywhere on the system. If the target exists, it will be overwritten otherwise, it will be created with 0666 permissions (world writable). There is, however, a condition for this to work: the attacker must be able to execute ml85p. By default, it is only executable by root or members of the sys group. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:675 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.