
Test ID: 1.3.6.1.4.1.25623.1.0.51093
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2004:004
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2004:004.

CVS is a version control system frequently used to manage source code
repositories.

A flaw was found in versions of CVS prior to 1.11.10 where a malformed
module request could cause the CVS server to attempt to create files or
directories at the root level of the file system. However, normal file
system permissions would prevent the creation of these misplaced
directories. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0977 to this issue.

Users of CVS are advised to upgrade to these erratum packages, which
contain a patch correcting this issue.

For Red Hat Enterprise Linux 2.1, these updates also fix an off-by-one
overflow in the CVS PreservePermissions code. The PreservePermissions
feature is not used by default (and can only be used for local CVS). The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2002-0844 to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-004.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html

Risk factor : High

CVSS Score:
7.5

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2002-0844
BugTraq ID: 4829
http://www.securityfocus.com/bid/4829
Bugtraq: 20020525 [DER ADV#8] - Local off by one in CVSD
http://marc.info/?l=bugtraq&m=102233767925177&w=2
Caldera Security Advisory: CSSA-2002-035.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
http://www.redhat.com/support/errata/RHSA-2004-004.html
SGI Security Advisory: 20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
XForce ISS Database: cvs-rcs-offbyone-bo(9175)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9175
Common Vulnerability Exposure (CVE) ID: CVE-2003-0977
Bugtraq: 20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)
http://marc.info/?l=bugtraq&m=107168035515554&w=2
Bugtraq: 20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability
http://marc.info/?l=bugtraq&m=107540163908129&w=2
Conectiva Linux advisory: CLA-2004:808
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
Debian Security Information: DSA-422
http://www.debian.org/security/2004/dsa-422
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://secunia.com/advisories/10601
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
XForce ISS Database: cvs-module-file-manipulation(13929)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.