 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.57034 |
| Kategorie: | Slackware Local Security Checks |
| Titel: | Slackware: Security Advisory (SSA:2006-178-03) |
| Zusammenfassung: | The remote host is missing an update for the 'arts' package(s) announced via the SSA:2006-178-03 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'arts' package(s) announced via the SSA:2006-178-03 advisory. Vulnerability Insight: New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it's at least worth warning about. It's far safer to just add users to the audio group. The official KDE security advisory may be found here: [link moved to references] More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/arts-1.4.2-i486-2_slack10.2.tgz: Patched to fix a possible exploit if artswrapper is setuid root (which, by default, it is not) and the system is running a 2.6 kernel. Systems running 2.4 kernels are not affected. The official KDE security advisory may be found here: [link moved to references] The CVE entry for this issue may be found here: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'arts' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-2916 BugTraq ID: 18429 http://www.securityfocus.com/bid/18429 BugTraq ID: 23697 http://www.securityfocus.com/bid/23697 Bugtraq: 20060615 rPSA-2006-0105-1 arts (Google Search) http://www.securityfocus.com/archive/1/437362/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml http://security.gentoo.org/glsa/glsa-200704-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:107 http://mail.gnome.org/archives/beast/2006-December/msg00025.html http://www.osvdb.org/26506 http://securitytracker.com/id?1016298 http://secunia.com/advisories/20677 http://secunia.com/advisories/20786 http://secunia.com/advisories/20827 http://secunia.com/advisories/20868 http://secunia.com/advisories/20899 http://secunia.com/advisories/25032 http://secunia.com/advisories/25059 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256 SuSE Security Announcement: SUSE-SR:2006:015 (Google Search) http://www.novell.com/linux/security/advisories/2006_38_security.html http://www.vupen.com/english/advisories/2006/2357 http://www.vupen.com/english/advisories/2007/0409 XForce ISS Database: arts-artwrapper-privilege-escalation(27221) https://exchange.xforce.ibmcloud.com/vulnerabilities/27221 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |