ID de Prueba:	1.3.6.1.4.1.25623.1.0.51337
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:833
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:833. Midnight Commander (MC) is a visual shell and a file manager for text consoles. This update fixes a buffer overflow vulnerability[1] in the code that handles symlinks in the virtual filesystem module. An attacker could create a specially crafted archive (like a .tar.gz or a cpio file) containing symlinks that when opened by an mc user would trigger the execution of arbitrary code with its privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-1023 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityfocus.com/bid/8658/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1023 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1023 BugTraq ID: 8658 http://www.securityfocus.com/bid/8658 Bugtraq: 20030919 uninitialized buffer in midnight commander (Google Search) http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html Bugtraq: 20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) (Google Search) http://marc.info/?l=bugtraq&m=108118433222764&w=2 Caldera Security Advisory: CSSA-2004-014.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt Conectiva Linux advisory: CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 Debian Security Information: DSA-424 (Google Search) http://www.debian.org/security/2004/dsa-424 http://fedoranews.org/updates/FEDORA-2004-058.shtml http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html http://security.gentoo.org/glsa/glsa-200403-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822 RedHat Security Advisories: RHSA-2004:034 http://rhn.redhat.com/errata/RHSA-2004-034.html RedHat Security Advisories: RHSA-2004:035 http://rhn.redhat.com/errata/RHSA-2004-035.html http://secunia.com/advisories/10645 http://secunia.com/advisories/10685 http://secunia.com/advisories/10716 http://secunia.com/advisories/10772 http://secunia.com/advisories/10823 http://secunia.com/advisories/11219 http://secunia.com/advisories/11262 http://secunia.com/advisories/11268 http://secunia.com/advisories/11296 http://secunia.com/advisories/9833 SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc XForce ISS Database: midnight-commander-vfssresolvesymlink-bo(13247) https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.