
Test ID: 1.3.6.1.4.1.25623.1.0.57729
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: sql-ledger
Summary: The remote host is missing an update to the system as announced in the referenced advisory.
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: sql-ledger

CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that
the value of the sql-ledger-[username] cookie matches the value of the
sessionid parameter, which allows remote attackers to gain access as
any logged-in user by setting the cookie and the parameter to the same
value.

CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2)
admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before
1.0.0p1 allow remote attackers to execute arbitrary Perl code via an
unspecified terminal parameter value containing ../ (dot dot slash).

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4244
BugTraq ID: 19758
http://www.securityfocus.com/bid/19758
Bugtraq: 20060830 SQL-Ledger serious security vulnerability and workaround
http://www.securityfocus.com/archive/1/444741/100/0/threaded
Bugtraq: 20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244
http://www.securityfocus.com/archive/1/445512
http://secunia.com/advisories/21689
http://securityreason.com/securityalert/1472
XForce ISS Database: sql-ledger-session-unauth-access(28671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28671
Common Vulnerability Exposure (CVE) ID: CVE-2006-4731
BugTraq ID: 19960
http://www.securityfocus.com/bid/19960
Bugtraq: 20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
http://www.securityfocus.com/archive/1/445817/100/0/threaded
http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69
http://secunia.com/advisories/21824
http://secunia.com/advisories/21886
http://securityreason.com/securityalert/1553
http://www.vupen.com/english/advisories/2006/3554
http://www.vupen.com/english/advisories/2006/3555
XForce ISS Database: sqlledger-ledgersmb-terminal-file-include(28885)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28885
Common Vulnerability Exposure (CVE) ID: CVE-2006-5872
BugTraq ID: 21634
http://www.securityfocus.com/bid/21634
Bugtraq: 20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872
http://www.securityfocus.com/archive/1/458300/100/0/threaded
Debian Security Information: DSA-1239
http://www.debian.org/security/2006/dsa-1239
http://securitytracker.com/id?1017391
http://secunia.com/advisories/23375
http://secunia.com/advisories/23419
http://www.vupen.com/english/advisories/2006/5043
http://www.vupen.com/english/advisories/2007/0407
Copyright: Copyright (C) 2008 E-Soft Inc.
