ID de Prueba:	1.3.6.1.4.1.25623.1.0.51029
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:153
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:153. CVS is a version control system frequently used to manage source code repositories. Sebastian Krahmer discovered a flaw in CVS clients where rcs diff files can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0180 to this issue. Users of CVS are advised to upgrade to these erratum packages, which contain a patch correcting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-153.html Risk factor : Medium CVSS Score: 2.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0180 Debian Security Information: DSA-486 (Google Search) http://www.debian.org/security/2004/dsa-486 http://marc.info/?l=bugtraq&m=108636445031613&w=2 FreeBSD Security Advisory: FreeBSD-SA-04:07 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc http://security.gentoo.org/glsa/glsa-200404-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462 http://www.redhat.com/support/errata/RHSA-2004-153.html http://www.redhat.com/support/errata/RHSA-2004-154.html http://secunia.com/advisories/11368 http://secunia.com/advisories/11371 http://secunia.com/advisories/11374 http://secunia.com/advisories/11375 http://secunia.com/advisories/11377 http://secunia.com/advisories/11380 http://secunia.com/advisories/11391 http://secunia.com/advisories/11400 http://secunia.com/advisories/11405 http://secunia.com/advisories/11548 SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 SuSE Security Announcement: SuSE-SA:2004:008 (Google Search) XForce ISS Database: cvs-rcs-create-files(15864) https://exchange.xforce.ibmcloud.com/vulnerabilities/15864
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.