Test ID: | 1.3.6.1.4.1.25623.1.0.51204 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2003:013 |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing updates announced in advisory RHSA-2003:013.

Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1

CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server.

On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server.

All users of CVS are advised to upgrade to these packages which contain patches to correct the double-free bug.

Our thanks go to Stefan Esser of e-matters for reporting this issue to us.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2003-013.html
http://security.e-matters.de/advisories/012003.html

Risk factor: High

CVSS Score: 7.5 |
Cross Reference: |
BugTraq ID: 6650
Common Vulnerability Exposure (CVE) ID: CVE-2003-0015
http://www.securityfocus.com/bid/6650
Bugtraq: 20030122 [security@slackware.com: [slackware-security] New CVS packages available]
http://marc.info/?l=bugtraq&m=104333092200589&w=2
Bugtraq: 20030124 Test program for CVS double-free.
http://marc.info/?l=bugtraq&m=104342550612736&w=2
Bugtraq: 20030202 Exploit for CVS double free() for Linux pserver
http://marc.info/?l=bugtraq&m=104428571204468&w=2
Caldera Security Advisory: CSSA-2003-006
http://www.cert.org/advisories/CA-2003-02.html
CERT/CC vulnerability note: VU#650937
http://www.kb.cert.org/vuls/id/650937
Computer Incident Advisory Center Bulletin: N-032
http://www.ciac.org/ciac/bulletins/n-032.shtml
Debian Security Information: DSA-233
http://www.debian.org/security/2003/dsa-233
FreeBSD Security Advisory: FreeBSD-SA-03:01
http://marc.info/?l=bugtraq&m=104438807203491&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
http://security.e-matters.de/advisories/012003.html
http://www.redhat.com/support/errata/RHSA-2003-012.html
RedHat Security Advisories: RHSA-2003:013
http://rhn.redhat.com/errata/RHSA-2003-013.html
SuSE Security Announcement: SuSE-SA:2003:0007
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
XForce ISS Database: cvs-doublefree-memory-corruption(11108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register now. |