ID de Prueba:	1.3.6.1.4.1.25623.1.0.51345
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:842
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:842. Mailman[1] is a mailing list manager. This update fixes the following vulnerabilities for Conectiva Linux 9: 1) Cross site scripting vulnerability in the admin CGI script (CVE-2003-0965)[2] 2) Cross site scripting vulnerability in the create CGI script (CVE-2003-0992)[3] 3) Remote password retrieval vulnerability (CVE-2004-0412)[4] As mentioned in the 2.1.5 release announcement[5], previous mailman versions are vulnerable to a password retrieval attack which would give the attacker the password an user choose when he/she subscribed to a mailing list. For Conectiva Linux 8, the following vulnerability has been fixed: - CVE-2003-0991[6]: denial of service vulnerability caused by specific mail messages which would crash mailman. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.list.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0412 http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0991 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:842 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0965 BugTraq ID: 9336 http://www.securityfocus.com/bid/9336 Conectiva Linux advisory: CLA-2004:842 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 Debian Security Information: DSA-436 (Google Search) http://www.debian.org/security/2004/dsa-436 http://www.mandriva.com/security/advisories?name=MDKSA-2004:013 http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html http://www.osvdb.org/3305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813 http://www.redhat.com/support/errata/RHSA-2004-020.html http://secunia.com/advisories/10519 XForce ISS Database: mailman-admin-xss(14121) https://exchange.xforce.ibmcloud.com/vulnerabilities/14121 Common Vulnerability Exposure (CVE) ID: CVE-2003-0992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815 Common Vulnerability Exposure (CVE) ID: CVE-2004-0412 BugTraq ID: 10412 http://www.securityfocus.com/bid/10412 http://marc.info/?l=bugtraq&m=109034869927955&w=2 http://security.gentoo.org/glsa/glsa-200406-04.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051 http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html http://secunia.com/advisories/11701 XForce ISS Database: mailman-obtain-password(16256) https://exchange.xforce.ibmcloud.com/vulnerabilities/16256 Common Vulnerability Exposure (CVE) ID: CVE-2003-0991 BugTraq ID: 9620 http://www.securityfocus.com/bid/9620 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013 http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html http://www.redhat.com/support/errata/RHSA-2004-019.html SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc XForce ISS Database: mailman-command-handler-dos(15106) https://exchange.xforce.ibmcloud.com/vulnerabilities/15106
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.