ID de Prueba:	1.3.6.1.4.1.25623.1.0.51136
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:192
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:192. Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's path, depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a read-only daemon, or running a chrooted daemon are not affected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0426 to this issue. Users of Rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-192.html http://rsync.samba.org/#security_apr04 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 10247 Common Vulnerability Exposure (CVE) ID: CVE-2004-0426 http://www.securityfocus.com/bid/10247 Bugtraq: 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) (Google Search) http://marc.info/?l=bugtraq&m=108515912212018&w=2 Computer Incident Advisory Center Bulletin: O-134 http://www.ciac.org/ciac/bulletins/o-134.shtml Computer Incident Advisory Center Bulletin: O-212 http://www.ciac.org/ciac/bulletins/o-212.shtml Debian Security Information: DSA-499 (Google Search) http://www.debian.org/security/2004/dsa-499 http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A967 http://www.redhat.com/support/errata/RHSA-2004-192.html http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462 http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt XForce ISS Database: rsync-write-files(16014) https://exchange.xforce.ibmcloud.com/vulnerabilities/16014
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.