
Test ID: 1.3.6.1.4.1.25623.1.0.57713
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2006-0070 (gnupg, proftpd)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0070.

gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Tavis Ormandy has reported a vulnerability in GnuPG,
caused by an error in the decryption of malformed OpenPGP
messages. This can be exploited to corrupt memory when decrypting
a specially crafted OpenPGP message.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-6235 to this issue.

proftpd < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: Stack-based buffer overflow in the sreplace function
allows remote attackers to cause a denial of service, as
demonstrated by vd_proftpd.pm, a ProFTPD remote exploit.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-5815 to this issue.
- NOTE: In November 2006, the role of CommandBufferSize was originally
associated with CVE-2006-5815, but this was an error stemming from
an initial vague disclosure. Correct CVE: CVE-2006-6171.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0070

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6235
BugTraq ID: 21462
http://www.securityfocus.com/bid/21462
Bugtraq: 20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]
http://www.securityfocus.com/archive/1/453664/100/0/threaded
Bugtraq: 20061206 rPSA-2006-0227-1 gnupg
http://www.securityfocus.com/archive/1/453723/100/0/threaded
CERT/CC vulnerability note: VU#427009
http://www.kb.cert.org/vuls/id/427009
Debian Security Information: DSA-1231
http://www.debian.org/security/2006/dsa-1231
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245
http://www.redhat.com/support/errata/RHSA-2006-0754.html
http://securitytracker.com/id?1017349
http://secunia.com/advisories/23245
http://secunia.com/advisories/23250
http://secunia.com/advisories/23255
http://secunia.com/advisories/23259
http://secunia.com/advisories/23269
http://secunia.com/advisories/23284
http://secunia.com/advisories/23290
http://secunia.com/advisories/23299
http://secunia.com/advisories/23303
http://secunia.com/advisories/23329
http://secunia.com/advisories/23335
http://secunia.com/advisories/23513
http://secunia.com/advisories/24047
SGI Security Advisory: 20061201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
SuSE Security Announcement: SUSE-SA:2006:075
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
SuSE Security Announcement: SUSE-SR:2006:028
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.trustix.org/errata/2006/0070
http://www.ubuntu.com/usn/usn-393-1
http://www.ubuntu.com/usn/usn-393-2
http://www.vupen.com/english/advisories/2006/4881
XForce ISS Database: gnupg-openpgp-code-execution(30711)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
Common Vulnerability Exposure (CVE) ID: CVE-2006-5815
BugTraq ID: 20992
http://www.securityfocus.com/bid/20992
Bugtraq: 20061127 CVE-2006-5815: remote code execution in ProFTPD
http://www.securityfocus.com/archive/1/452760/100/200/threaded
Debian Security Information: DSA-1222
http://www.debian.org/security/2006/dsa-1222
http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:217
http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1
http://gleg.net/vulndisco_meta.shtml
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html
http://securitytracker.com/id?1017167
http://secunia.com/advisories/22803
http://secunia.com/advisories/22821
http://secunia.com/advisories/23000
http://secunia.com/advisories/23069
http://secunia.com/advisories/23125
http://secunia.com/advisories/23174
http://secunia.com/advisories/23179
http://secunia.com/advisories/23184
http://secunia.com/advisories/23207
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491
http://www.trustix.org/errata/2006/0066/
http://www.vupen.com/english/advisories/2006/4451
XForce ISS Database: proftpd-code-execution(30147)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30147
Common Vulnerability Exposure (CVE) ID: CVE-2006-6171
Debian Security Information: DSA-1218
http://www.debian.org/security/2006/dsa-1218
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
