Test ID: | 1.3.6.1.4.1.25623.1.0.902477 |
Category: | RPC |
Title: | CDE ToolTalk RPC Database Server Multiple Vulnerabilities |
Summary: | The CDE ToolTalk Database Server is prone to multiple vulnerabilities. |
Description: |
Summary: The CDE ToolTalk Database Server is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- An error in the handling of symbolic links. The server does not check that the logfile is not a symbolic link. If an attacker creates a symbolic link on the filesystem with the path/filename of the logfile, transaction data will be written to the destination file as root.
- No available checks to restrict the range of the index value. Consequently, malicious file descriptor values supplied by remote clients may cause writes to occur far beyond the table in memory. The only value written is a NULL word, limiting the consequences.

Vulnerability Impact: Successful exploitation could allow attackers to remotely delete arbitrary files and create arbitrary directory entries. Further, attackers might be able to crash the ToolTalk RPC database server, denying service to legitimate users.

Affected Software/OS: CDE ToolTalk RPC database server.

Solution: Apply the patch from the referenced advisory.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0677
Bugtraq: 20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server http://marc.info/?l=bugtraq&m=102635906423617&w=2
Caldera Security Advisory: CSSA-2002-SCO.28 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
http://www.cert.org/advisories/CA-2002-20.html
CERT/CC vulnerability note: VU#975403 http://www.kb.cert.org/vuls/id/975403
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A91
SGI Security Advisory: 20021102-02-P ftp://patches.sgi.com/support/free/security/advisories/20021102-02-P

Common Vulnerability Exposure (CVE) ID: CVE-2002-0678
AIX APAR: IY32368 http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
AIX APAR: IY32370
BugTraq ID: 5083 http://www.securityfocus.com/bid/5083
CERT/CC vulnerability note: VU#299816 http://www.kb.cert.org/vuls/id/299816
HP Security Advisory: HPSBUX0207-199 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80
SGI Security Advisory: 20021101-01-P ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
http://www.iss.net/security_center/static/9527.php |
Copyright | Copyright (C) 2011 Greenbone AG |