Trustix Local Security Checks : Trustix Security Advisory TSLSA-2005-0013 (cvs)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.54311

Kategorie: Trustix Local Security Checks

Titel: Trustix Security Advisory TSLSA-2005-0013 (cvs)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory TSLSA-2005-0013.

From the NEWS file:
- Thanks to a report from Alen Zukich , several
minor security issues have been addressed. One was a buffer overflow
that is potentially serious but which may not be exploitable, assigned
CVE-2005-0753 by the Common Vulnerabilities and Exposures Project
<http://www.cve.mitre.org>. Other fixes resulting from Alen's report
include repair of an arbitrary free with no known exploit and several
plugged memory leaks and potentially freed NULL pointers which may have
been exploitable for a denial of service attack.

- Thanks to a report from Craig Monson , minor
potential vulnerabilities in the contributed Perl scripts have been
fixed. The confirmed vulnerability could allow the execution of
arbitrary code on the CVS server, but only if a user already had
commit access and if one of the contrib scripts was installed
improperly, a condition which should have been quickly visible to
any administrator. The complete description of the problem is here:
. If you were
making use of any of the contributed trigger scripts on a CVS server,
you should probably still replace them with the new versions, to be
on the safe side.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0013

Risk factor : High

CVSS Score:
7.5

Querverweis: BugTraq ID: 13217
Common Vulnerability Exposure (CVE) ID: CVE-2005-0753
14976
http://secunia.com/advisories/14976/
DSA-742
http://www.debian.org/security/2005/dsa-742
GLSA-200504-16
http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml
RHSA-2005:387
http://www.redhat.com/support/errata/RHSA-2005-387.html
SUSE-SA:2005:024
http://www.novell.com/linux/security/advisories/2005_24_cvs.html
cvs-bo(20148)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20148
http://bugs.gentoo.org/attachment.cgi?id=54352&action=view
oval:org.mitre.oval:def:9688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.54311
Kategorie:	Trustix Local Security Checks
Titel:	Trustix Security Advisory TSLSA-2005-0013 (cvs)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory TSLSA-2005-0013. From the NEWS file: - Thanks to a report from Alen Zukich , several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CVE-2005-0753 by the Common Vulnerabilities and Exposures Project <http://www.cve.mitre.org>. Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. - Thanks to a report from Craig Monson , minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: . If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0013 Risk factor : High CVSS Score: 7.5
Querverweis:	BugTraq ID: 13217 Common Vulnerability Exposure (CVE) ID: CVE-2005-0753 14976 http://secunia.com/advisories/14976/ DSA-742 http://www.debian.org/security/2005/dsa-742 GLSA-200504-16 http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml RHSA-2005:387 http://www.redhat.com/support/errata/RHSA-2005-387.html SUSE-SA:2005:024 http://www.novell.com/linux/security/advisories/2005_24_cvs.html cvs-bo(20148) https://exchange.xforce.ibmcloud.com/vulnerabilities/20148 http://bugs.gentoo.org/attachment.cgi?id=54352&action=view oval:org.mitre.oval:def:9688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com