Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0263
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0263)
Zusammenfassung:	The remote host is missing an update for the 'supervisor' package(s) announced via the MGASA-2017-0263 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'supervisor' package(s) announced via the MGASA-2017-0263 advisory. Vulnerability Insight: A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root (CVE-2017-11610). Affected Software/OS: 'supervisor' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11610 Debian Security Information: DSA-3942 (Google Search) http://www.debian.org/security/2017/dsa-3942 https://www.exploit-db.com/exploits/42779/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/ https://security.gentoo.org/glsa/201709-06 RedHat Security Advisories: RHSA-2017:3005 https://access.redhat.com/errata/RHSA-2017:3005
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.