Test Kennung:	1.3.6.1.4.1.25623.1.0.53928
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2004-140-01)
Zusammenfassung:	The remote host is missing an update for the 'cvs' package(s) announced via the SSA:2004-140-01 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'cvs' package(s) announced via the SSA:2004-140-01 advisory. Vulnerability Insight: New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed May 19 14:16:32 PDT 2004 patches/packages/cvs-1.11.16-i486-1.tgz: Upgraded to cvs-1.11.16. From the NEWS file: A potential buffer overflow vulnerability in the server has been fixed. Prior to this patch, a malicious client could potentially use carefully crafted server requests to run arbitrary programs on the CVS server machine. For more details, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'cvs' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0396 BugTraq ID: 10384 http://www.securityfocus.com/bid/10384 Bugtraq: 20040519 Advisory 07/2004: CVS remote vulnerability (Google Search) http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html http://marc.info/?l=bugtraq&m=108498454829020&w=2 Bugtraq: 20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs) (Google Search) http://marc.info/?l=bugtraq&m=108500040719512&w=2 Cert/CC Advisory: TA04-147A http://www.us-cert.gov/cas/techalerts/TA04-147A.html CERT/CC vulnerability note: VU#192038 http://www.kb.cert.org/vuls/id/192038 Computer Incident Advisory Center Bulletin: O-147 http://www.ciac.org/ciac/bulletins/o-147.shtml Debian Security Information: DSA-505 (Google Search) http://www.debian.org/security/2004/dsa-505 http://marc.info/?l=bugtraq&m=108636445031613&w=2 FreeBSD Security Advisory: FreeBSD-SA-04:10 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html http://security.gentoo.org/glsa/glsa-200405-12.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:048 http://security.e-matters.de/advisories/072004.html NETBSD Security Advisory: NetBSD-SA2004-008 ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc OpenBSD Security Advisory: 20040520 cvs server buffer overflow vulnerability http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2 http://www.osvdb.org/6305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970 http://www.redhat.com/support/errata/RHSA-2004-190.html http://secunia.com/advisories/11641 http://secunia.com/advisories/11647 http://secunia.com/advisories/11651 http://secunia.com/advisories/11652 http://secunia.com/advisories/11674 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865 SuSE Security Announcement: SuSE-SA:2004:013 (Google Search) http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html XForce ISS Database: cvs-entry-line-bo(16193) https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.