Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:800

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51327

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:800

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:800.

lftp[1] is a command-line file transfer program which supports many
protocols.

Ulf Härnhammar reported[2] two buffer overflow vulnerabilities[3] in
the lftp program. An attacker could prepare a directory on a server
which, if accessed with a vulnerable lftp with the ls or rels
command, could cause arbitrary code to be executed on the client.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:800
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 9212
Common Vulnerability Exposure (CVE) ID: CVE-2003-0963
Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search)
http://marc.info/?l=bugtraq&m=107126386226196&w=2
Bugtraq: 20031213 lftp buffer overflows (Google Search)
http://marc.info/?l=bugtraq&m=107152267121513&w=2
Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search)
http://marc.info/?l=bugtraq&m=107167974714484&w=2
Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search)
http://marc.info/?l=bugtraq&m=107177409418121&w=2
Conectiva Linux advisory: CLA-2004:800
http://marc.info/?l=bugtraq&m=107340499504411&w=2
Debian Security Information: DSA-406 (Google Search)
http://www.debian.org/security/2004/dsa-406
http://www.mandriva.com/security/advisories?name=MDKSA-2003:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180
http://www.redhat.com/support/errata/RHSA-2003-403.html
http://www.redhat.com/support/errata/RHSA-2003-404.html
http://secunia.com/advisories/10525
http://secunia.com/advisories/10548
SGI Security Advisory: 20040101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SuSE Security Announcement: SuSE-SA:2003:051 (Google Search)
http://www.novell.com/linux/security/advisories/2003_051_lftp.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51327
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:800
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:800. lftp[1] is a command-line file transfer program which supports many protocols. Ulf Härnhammar reported[2] two buffer overflow vulnerabilities[3] in the lftp program. An attacker could prepare a directory on a server which, if accessed with a vulnerable lftp with the ls or rels command, could cause arbitrary code to be executed on the client. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:800 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9212 Common Vulnerability Exposure (CVE) ID: CVE-2003-0963 Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search) http://marc.info/?l=bugtraq&m=107126386226196&w=2 Bugtraq: 20031213 lftp buffer overflows (Google Search) http://marc.info/?l=bugtraq&m=107152267121513&w=2 Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search) http://marc.info/?l=bugtraq&m=107167974714484&w=2 Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search) http://marc.info/?l=bugtraq&m=107177409418121&w=2 Conectiva Linux advisory: CLA-2004:800 http://marc.info/?l=bugtraq&m=107340499504411&w=2 Debian Security Information: DSA-406 (Google Search) http://www.debian.org/security/2004/dsa-406 http://www.mandriva.com/security/advisories?name=MDKSA-2003:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180 http://www.redhat.com/support/errata/RHSA-2003-403.html http://www.redhat.com/support/errata/RHSA-2003-404.html http://secunia.com/advisories/10525 http://secunia.com/advisories/10548 SGI Security Advisory: 20040101-01-U ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2003:051 (Google Search) http://www.novell.com/linux/security/advisories/2003_051_lftp.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com