ID de Prueba:	1.3.6.1.4.1.25623.1.0.51202
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:021
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:021. Updated packages fix a vulnerability found in the Kerberos FTP client distributed with the Red Hat Linux Advanced Server krb5 packages. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1. For Advanced Workstation 2.1 these packages also fix CVE-2002-1235 as described in RHSA-2002:250 Kerberos is a network authentication system. A problem has been found in the Kerberos FTP client. When retrieving a file with a name beginning with a pipe character, the FTP client will pass the file name to the command shell in a system() call. This could allow a malicious FTP server to write to files outside of the current directory or execute commands as the user running the FTP client. The Kerberos FTP client runs as the default FTP client when the Kerberos package krb5-workstation is installed on a Red Hat Linux Advanced Server distribution. All users of Kerberos are advised to upgrade to these errata packages which contain a backported patch and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-021.html http://www.kb.cert.org/vuls/id/258721 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719527 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0041 http://www.mandriva.com/security/advisories?name=MDKSA-2003:021 http://www.redhat.com/support/errata/RHSA-2003-020.html http://secunia.com/advisories/7979 http://secunia.com/advisories/8114 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html Common Vulnerability Exposure (CVE) ID: CVE-2002-1235 BugTraq ID: 6024 http://www.securityfocus.com/bid/6024 Bugtraq: 20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103539530729206&w=2 Bugtraq: 20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103564944215101&w=2 Bugtraq: 20021027 KRB5-SORCERER2002-10-27 Security Update (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html Bugtraq: 20021027 Re: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103582805330339&w=2 Bugtraq: 20021028 GLSA: krb5 (Google Search) http://marc.info/?l=bugtraq&m=103582517126392&w=2 http://www.cert.org/advisories/CA-2002-29.html CERT/CC vulnerability note: VU#875073 http://www.kb.cert.org/vuls/id/875073 Conectiva Linux advisory: CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534 Debian Security Information: DSA-183 (Google Search) http://www.debian.org/security/2002/dsa-183 Debian Security Information: DSA-184 (Google Search) http://www.debian.org/security/2002/dsa-184 Debian Security Information: DSA-185 (Google Search) http://www.debian.org/security/2002/dsa-185 FreeBSD Security Advisory: FreeBSD-SA-02:40 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php NETBSD Security Advisory: NetBSD-SA2002-026 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc http://www.redhat.com/support/errata/RHSA-2002-242.html http://www.iss.net/security_center/static/10430.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.