 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.52893 |
| Kategorie: | Turbolinux Local Security Tests |
| Titel: | Turbolinux TLSA-2004-20 (rsync) |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing an update to rsync announced via advisory TLSA-2004-20. rsync uses the rsync algorithm which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in files across a link, without requiring that both sets of files be present at one of the ends of the beforehand. A vulnerability has been discovered in rsync in the sanitize_path function in file util.c which allows attackers to read and/or write certain files when chroot is disabled. The remote attackers may be able to read and write the file which cannot be read and write. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-20 Risk factor : High CVSS Score: 6.4 |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0792 Bugtraq: 20040816 TSSA-2004-020-ES - rsync (Google Search) http://marc.info/?l=bugtraq&m=109268147522290&w=2 Bugtraq: 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004) (Google Search) http://marc.info/?l=bugtraq&m=109277141223839&w=2 Debian Security Information: DSA-538 (Google Search) http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561 SuSE Security Announcement: SUSE-SA:2004:026 (Google Search) http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042/ |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |