ID de Prueba:	1.3.6.1.4.1.25623.1.0.131093
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0400)
Resumen:	The remote host is missing an update for the 'roundcubemail' package(s) announced via the MGASA-2015-0400 advisory.
Descripción:	Summary: The remote host is missing an update for the 'roundcubemail' package(s) announced via the MGASA-2015-0400 advisory. Vulnerability Insight: Multiple security issues in the DBMail driver for the password plugin, including buffer overflows (CVE-2015-2181) and the ability for a remote attacker to execute arbitrary shell commands as root (CVE-2015-2180). An authenticated user can download arbitrary files from the web server that the web server process has read access to, by uploading a vCard with a specially crafted POST (CVE-2015-5382). The roundcubemail package has been updated to version 1.0.6, fixing these issues and several other bugs, however the installer is currently known to be broken. Affected Software/OS: 'roundcubemail' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2180 BugTraq ID: 96387 http://www.securityfocus.com/bid/96387 Common Vulnerability Exposure (CVE) ID: CVE-2015-2181 BugTraq ID: 96391 http://www.securityfocus.com/bid/96391 Common Vulnerability Exposure (CVE) ID: CVE-2015-5382 http://www.openwall.com/lists/oss-security/2015/07/07/2 http://www.openwall.com/lists/oss-security/2015/07/07/3
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.