Slackware Local Security Checks : Slackware: Security Advisory (SSA:2003-141-06a)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.53894

Kategorie: Slackware Local Security Checks

Titel: Slackware: Security Advisory (SSA:2003-141-06a)

Zusammenfassung: The remote host is missing an update for the 'quotacheck' package(s) announced via the SSA:2003-141-06a advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'quotacheck' package(s) announced via the SSA:2003-141-06a advisory.

Vulnerability Insight:
NOTE: The original advisory quotes a section of the Slackware ChangeLog
which had inadvertently reversed the options to quotacheck. The correct
option to use is 'm'. A corrected advisory follows:

An upgraded sysvinit package is available which fixes a problem with
the use of quotacheck in /etc/rc.d/rc.M. The original version of
rc.M calls quotacheck like this:

echo 'Checking filesystem quotas: /sbin/quotacheck -avugM'
/sbin/quotacheck -avugM

The 'M' option is wrong. This causes the filesystem to be remounted,
and in the process any mount flags such as nosuid, nodev, noexec,
and the like, will be reset. The correct option to use here is 'm',
which does not attempt to remount the partition:

echo 'Checking filesystem quotas: /sbin/quotacheck -avugm'
/sbin/quotacheck -avugm

We recommend sites using file system quotas upgrade to this new package,
or edit /etc/rc.d/rc.M accordingly.

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue May 20 20:13:09 PDT 2003
patches/packages/sysvinit-2.84-i386-26.tgz: Use option m, not M, for quotacheck.
Otherwise, the partition might be remounted losing flags like nosuid,nodev,
noexec. Thanks to Jem Berkes for pointing this out.
(* Security fix *)
+--------------------------+

Affected Software/OS:
'quotacheck' package(s) on Slackware 9.0.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.53894
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2003-141-06a)
Zusammenfassung:	The remote host is missing an update for the 'quotacheck' package(s) announced via the SSA:2003-141-06a advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'quotacheck' package(s) announced via the SSA:2003-141-06a advisory. Vulnerability Insight: NOTE: The original advisory quotes a section of the Slackware ChangeLog which had inadvertently reversed the options to quotacheck. The correct option to use is 'm'. A corrected advisory follows: An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M. The original version of rc.M calls quotacheck like this: echo 'Checking filesystem quotas: /sbin/quotacheck -avugM' /sbin/quotacheck -avugM The 'M' option is wrong. This causes the filesystem to be remounted, and in the process any mount flags such as nosuid, nodev, noexec, and the like, will be reset. The correct option to use here is 'm', which does not attempt to remount the partition: echo 'Checking filesystem quotas: /sbin/quotacheck -avugm' /sbin/quotacheck -avugm We recommend sites using file system quotas upgrade to this new package, or edit /etc/rc.d/rc.M accordingly. Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Tue May 20 20:13:09 PDT 2003 patches/packages/sysvinit-2.84-i386-26.tgz: Use option m, not M, for quotacheck. Otherwise, the partition might be remounted losing flags like nosuid,nodev, noexec. Thanks to Jem Berkes for pointing this out. (* Security fix *) +--------------------------+ Affected Software/OS: 'quotacheck' package(s) on Slackware 9.0. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2012 Greenbone AG