
Test ID: 1.3.6.1.4.1.25623.1.0.54299
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2004-0054 (Multiple packages)
Summary: Trustix Security Advisory TSLSA-2004-0054 (Multiple packages)
Description:
The remote host is missing updates announced in
advisory TSLSA-2004-0054.


libtiff:
Chris Evans and Dmitry V. Levin
discovered some security holes in libtiff.

CVE-2004-0803
Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.

CVE-2004-0886
Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result in either a plain crash or memory
corruption.


mysql:
Martin Schulze pointed to several issues that
had been fixed in the upstream mysql source.

CVE-2004-0835
Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks
CREATE/INSERT rights of the old table instead of the new one.

CVE-2004-0836
Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect
function.

CVE-2004-0837
Dean Ellis noticed that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION can cause the server
to crash or stall.

Issues with no CVE number:

Crash with MATCH..AGAINST (denial of service)
http://bugs.mysql.com/bug.php?id=3870

Privilege Escalation on GRANT ALL ON `Foo\_Bar`
Changelog:
Fixed bug in privilege checking where, under some conditions, one
was able to grant privileges on the database he has no privileges on.

http://bugs.mysql.com/bug.php?id=3933
http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1


squid:
iDefense reported that remote exploitation of a design error in the
SNMP module of Squid Web Proxy Cache may lead to a denial of service.
For a thorough description, see iDEFENSE Security Advisory 10.11.04:
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities


cyrus-sasl:
A packaging bug in our cyrus-sasl package failed to properly mark
/etc/sysconfig/saslauthd as a config file. This caused the file to be
replaced on package upgrades.

People upgrading this package should back up this file before upgrading.
# cp /etc/sysconfig/saslauthd /etc/sysconfig/saslauthd.bak
# swup --upgrade
# mv /etc/sysconfig/saslauthd.bak /etc/sysconfig/saslauthd



Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0054

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
Bugtraq: 20041013 CESA-2004-006: libtiff
http://marc.theaimsgroup.com/?l=bugtraq&m=109778785107450&w=2
http://scary.beasts.org/security/CESA-2004-006.txt
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100114
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8896
http://secunia.com/advisories/12818
XForce ISS Database: libtiff-library-decoding-bo(17703)
http://xforce.iss.net/xforce/xfdb/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
http://www.trustix.org/errata/2004/0054/
http://marc.theaimsgroup.com/?l=bugtraq&m=109779465621929&w=2
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100116
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9907
http://securitytracker.com/id?1011674
XForce ISS Database: libtiff-bo(17715)
http://xforce.iss.net/xforce/xfdb/17715
Common Vulnerability Exposure (CVE) ID: CVE-2004-0835
Conectiva Linux advisory: CLA-2004:892
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
Debian Security Information: DSA-562
http://www.debian.org/security/2004/dsa-562
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://bugs.mysql.com/bug.php?id=3270
http://lists.mysql.com/internals/13073
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
http://secunia.com/advisories/12783/
http://securitytracker.com/id?1011606
BugTraq ID: 11357
http://www.securityfocus.com/bid/11357
XForce ISS Database: mysql-alter-restriction-bypass(17666)
http://xforce.iss.net/xforce/xfdb/17666
Common Vulnerability Exposure (CVE) ID: CVE-2004-0836
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities
http://marc.theaimsgroup.com/?l=bugtraq&m=110140517515735&w=2
BugTraq ID: 10981
http://www.securityfocus.com/bid/10981
http://secunia.com/advisories/12305/
XForce ISS Database: mysql-realconnect-bo(17047)
http://xforce.iss.net/xforce/xfdb/17047
Common Vulnerability Exposure (CVE) ID: CVE-2004-0837
http://bugs.mysql.com/2408
http://lists.mysql.com/internals/16168
http://lists.mysql.com/internals/16173
http://lists.mysql.com/internals/16174
http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15
XForce ISS Database: mysql-union-dos(17667)
http://xforce.iss.net/xforce/xfdb/17667
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.