Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:762

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51470

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2003:762

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2003:762.

The GNU C Library (glibc)[1] is the standard library used by almost
any program in a common GNU/Linux system.

This glibc update includes the fix for a local vulnerability and new
timezone maps adjusted for the brazilian daylight saving time
2003/2004 schedule:

- Local vulnerability in the getgrouplist() function.
There is a buffer overflow in the getgrouplist() which can be
triggered when an user belongs to a number of groups larger than the
one expected by the application. The consequences of the exploitation
of this vulnerability vary accordingly to the application being
exploited and the scenario where it is running. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2003-0689 to this issue[2].

- Brazilian daylight saving time (summer time) update.
On September 24th, 2003 the dates when daylight saving time will
begin and end have finally been published[3] (less than 30 days of
advance notice). These dates have been inserted in the zoneinfo data
of glibc. Historically the dates on which the daylight saving time
starts and ends have always been chosen from year to year and are
seldom the same.

The packages for Conectiva Linux 9 include the latest stable version
of glibc (2.3.2), which includes several bugfixes and enhancements
when compared to the originally distributed version (2.3.1). The
details of these changes can be obtained in the project page[4].

Conectiva Linux 7.0 is not subject to the getgroupslist()
vulnerability and will have a separate update for the daylight saving
time issue available in our updates page[5].

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.gnu.org/software/libc/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0689
http://www.gnu.org/software/libc/#CurrentStatus
http://distro.conectiva.com.br/atualizacoes/index.php?id=d&distro=000014
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:762
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-0689
http://www.redhat.com/support/errata/RHSA-2003-249.html
http://www.redhat.com/support/errata/RHSA-2003-325.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51470
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2003:762
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2003:762. The GNU C Library (glibc)[1] is the standard library used by almost any program in a common GNU/Linux system. This glibc update includes the fix for a local vulnerability and new timezone maps adjusted for the brazilian daylight saving time 2003/2004 schedule: - Local vulnerability in the getgrouplist() function. There is a buffer overflow in the getgrouplist() which can be triggered when an user belongs to a number of groups larger than the one expected by the application. The consequences of the exploitation of this vulnerability vary accordingly to the application being exploited and the scenario where it is running. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0689 to this issue[2]. - Brazilian daylight saving time (summer time) update. On September 24th, 2003 the dates when daylight saving time will begin and end have finally been published[3] (less than 30 days of advance notice). These dates have been inserted in the zoneinfo data of glibc. Historically the dates on which the daylight saving time starts and ends have always been chosen from year to year and are seldom the same. The packages for Conectiva Linux 9 include the latest stable version of glibc (2.3.2), which includes several bugfixes and enhancements when compared to the originally distributed version (2.3.1). The details of these changes can be obtained in the project page[4]. Conectiva Linux 7.0 is not subject to the getgroupslist() vulnerability and will have a separate update for the daylight saving time issue available in our updates page[5]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gnu.org/software/libc/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0689 http://www.gnu.org/software/libc/#CurrentStatus http://distro.conectiva.com.br/atualizacoes/index.php?id=d&distro=000014 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:762 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0689 http://www.redhat.com/support/errata/RHSA-2003-249.html http://www.redhat.com/support/errata/RHSA-2003-325.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com