ID de Prueba:	1.3.6.1.4.1.25623.1.0.51024
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:284
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:284. Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan() function of Sendmail versions prior to and including 8.12.9. The sucessful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0694 to this issue. All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities. Red Hat would like to thank Michal Zalewski for finding and reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-284.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0694 Bugtraq: 20030917 GLSA: sendmail (200309-13) (Google Search) http://marc.info/?l=bugtraq&m=106383437615742&w=2 Bugtraq: 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] (Google Search) http://marc.info/?l=bugtraq&m=106381604923204&w=2 Bugtraq: 20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) (Google Search) http://marc.info/?l=bugtraq&m=106382859407683&w=2 Bugtraq: 20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail) (Google Search) http://marc.info/?l=bugtraq&m=106398718909274&w=2 http://www.cert.org/advisories/CA-2003-25.html CERT/CC vulnerability note: VU#784980 http://www.kb.cert.org/vuls/id/784980 Conectiva Linux advisory: CLA-2003:742 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 Debian Security Information: DSA-384 (Google Search) http://www.debian.org/security/2003/dsa-384 FreeBSD Security Advisory: FreeBSD-SA-03:13 http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html HPdes Security Advisory: SSRT3631 Immunix Linux Advisory: IMNX-2003-7+-021-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603 http://www.redhat.com/support/errata/RHSA-2003-283.html http://www.redhat.com/support/errata/RHSA-2003-284.html SCO Security Bulletin: CSSA-2003-036.0 SCO Security Bulletin: SCOSA-2004.11 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.