ID de Prueba:	1.3.6.1.4.1.25623.1.0.130115
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0262)
Resumen:	The remote host is missing an update for the 'polkit' package(s) announced via the MGASA-2015-0262 advisory.
Descripción:	Summary: The remote host is missing an update for the 'polkit' package(s) announced via the MGASA-2015-0262 advisory. Vulnerability Insight: Local privilege escalation in polkit before 0.113 due to predictable authentication session cookie values (CVE-2015-4625). Various memory corruption vulnerabilities in polkit before 0.113 in the use of the JavaScript interpreter, possibly leading to local privilege escalation (CVE-2015-3256). Memory corruption vulnerability in polkit before 0.113 in handling duplicate action IDs, possibly leading to local privilege escalation (CVE-2015-3255). Denial of service issue in polkit before 0.113 which allowed any local user to crash polkitd (CVE-2015-3218). Affected Software/OS: 'polkit' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3218 1035023 http://www.securitytracker.com/id/1035023 76086 http://www.securityfocus.com/bid/76086 FEDORA-2015-11058 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html FEDORA-2015-11743 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html USN-3717-1 https://usn.ubuntu.com/3717-1/ [polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html [polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html [polkit-devel] 20150702 polkit-0.113 released http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html openSUSE-SU-2015:1734 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html openSUSE-SU-2015:1927 http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html Common Vulnerability Exposure (CVE) ID: CVE-2015-3255 GLSA-201611-07 https://security.gentoo.org/glsa/201611-07 USN-3717-2 https://usn.ubuntu.com/3717-2/ https://bugs.freedesktop.org/show_bug.cgi?id=83590 https://bugzilla.redhat.com/show_bug.cgi?id=1245673 Common Vulnerability Exposure (CVE) ID: CVE-2015-3256 77356 http://www.securityfocus.com/bid/77356 RHSA-2016:0189 http://rhn.redhat.com/errata/RHSA-2016-0189.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=1245684 Common Vulnerability Exposure (CVE) ID: CVE-2015-4625 BugTraq ID: 75267 http://www.securityfocus.com/bid/75267 http://www.openwall.com/lists/oss-security/2015/06/08/3 http://www.openwall.com/lists/oss-security/2015/06/09/1 http://www.openwall.com/lists/oss-security/2015/06/16/21 http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html SuSE Security Announcement: openSUSE-SU-2015:1734 (Google Search) SuSE Security Announcement: openSUSE-SU-2015:1927 (Google Search)
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.