Test Kennung:	1.3.6.1.4.1.25623.1.0.51572
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2001:409
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2001:409. zen-parse reported [1][2] that the tcl and expect programs were looking for dynamic libraries in unsafe directories. expect searches for dynamic libraries under the world writable /var/tmp directory. An attacker could place fake libraries in that directory and thus have expect (and progams using it, as mkpasswd) execute arbitrary code. A similar problem exists with tcl. This program searches for dynamic libraries in directories under the current directory, which is also an unsafe behaviour. Conectiva Linux 6.0 is vulnerable to both problems, while the 7.0 version is only affected by the last one. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:409 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000408 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.