ID de Prueba:	1.3.6.1.4.1.25623.1.0.50956
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:399
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:399. rsync is a program for sychronizing files over the network. A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this flaw to execute arbitrary code as an unprivileged user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0962 to this issue. All users should upgrade to these erratum packages containing version 2.5.7 of rsync, which is not vulnerable to this issue. NOTE: The rsync server is disabled (off) by default in Red Hat Enterprise Linux. To check if the rsync server has been enabled (on), run the following command: /sbin/chkconfig --list rsync If the rsync server has been enabled but is not required, it can be disabled by running the following command as root: /sbin/chkconfig rsync off Red Hat would like to thank the rsync team for their rapid response and quick fix for this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-399.html http://rsync.samba.org/ Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9153 Common Vulnerability Exposure (CVE) ID: CVE-2003-0962 http://www.securityfocus.com/bid/9153 Bugtraq: 20031204 GLSA: exploitable heap overflow in rsync (200312-03) (Google Search) http://marc.info/?l=bugtraq&m=107056923528423&w=2 Bugtraq: 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync) (Google Search) http://marc.info/?l=bugtraq&m=107055702911867&w=2 Bugtraq: 20031204 rsync security advisory (fwd) (Google Search) http://marc.info/?l=bugtraq&m=107055681311602&w=2 CERT/CC vulnerability note: VU#325603 http://www.kb.cert.org/vuls/id/325603 Conectiva Linux advisory: CLA-2003:794 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794 Debian Security Information: DSA-404 (Google Search) En Garde Linux Advisory: ESA-20031204-032 Immunix Linux Advisory: IMNX-2003-73-001-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:111 http://www.osvdb.org/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415 http://www.redhat.com/support/errata/RHSA-2003-398.html http://secunia.com/advisories/10353 http://secunia.com/advisories/10354 http://secunia.com/advisories/10355 http://secunia.com/advisories/10356 http://secunia.com/advisories/10357 http://secunia.com/advisories/10358 http://secunia.com/advisories/10359 http://secunia.com/advisories/10360 http://secunia.com/advisories/10361 http://secunia.com/advisories/10362 http://secunia.com/advisories/10363 http://secunia.com/advisories/10364 http://secunia.com/advisories/10378 http://secunia.com/advisories/10474 SGI Security Advisory: 20031202-01-U ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U SuSE Security Announcement: SuSE-SA:2003:050 (Google Search) http://marc.info/?l=bugtraq&m=107055684711629&w=2 XForce ISS Database: linux-rsync-heap-overflow(13899) https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.