Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:889

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51381

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:889

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:889.

SASL[1] is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

A vulnerability[2] has been discovered in the Cyrus implementation of
the SASL library. The library honors the environment variable
SASL_PATH blindly, which allows a local attacker to link against a
malicious library to run arbitrary code with the privileges of a
setuid or setgid application.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://asg.web.cmu.edu/sasl/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0884
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:889
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 11347
Common Vulnerability Exposure (CVE) ID: CVE-2004-0884
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
http://www.securityfocus.com/bid/11347
Bugtraq: 20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl) (Google Search)
http://marc.info/?l=bugtraq&m=110693126007214&w=2
Computer Incident Advisory Center Bulletin: P-003
http://www.ciac.org/ciac/bulletins/p-003.shtml
Debian Security Information: DSA-563 (Google Search)
http://www.debian.org/security/2004/dsa-563
Debian Security Information: DSA-568 (Google Search)
http://www.debian.org/security/2004/dsa-568
https://bugzilla.fedora.us/show_bug.cgi?id=2137
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678
RedHat Security Advisories: RHSA-2004:546
http://rhn.redhat.com/errata/RHSA-2004-546.html
http://www.trustix.net/errata/2004/0053/
XForce ISS Database: cyrus-sasl-saslpath(17643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17643

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51381
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:889
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:889. SASL[1] is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. A vulnerability[2] has been discovered in the Cyrus implementation of the SASL library. The library honors the environment variable SASL_PATH blindly, which allows a local attacker to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://asg.web.cmu.edu/sasl/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0884 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:889 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 11347 Common Vulnerability Exposure (CVE) ID: CVE-2004-0884 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://www.securityfocus.com/bid/11347 Bugtraq: 20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl) (Google Search) http://marc.info/?l=bugtraq&m=110693126007214&w=2 Computer Incident Advisory Center Bulletin: P-003 http://www.ciac.org/ciac/bulletins/p-003.shtml Debian Security Information: DSA-563 (Google Search) http://www.debian.org/security/2004/dsa-563 Debian Security Information: DSA-568 (Google Search) http://www.debian.org/security/2004/dsa-568 https://bugzilla.fedora.us/show_bug.cgi?id=2137 http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678 RedHat Security Advisories: RHSA-2004:546 http://rhn.redhat.com/errata/RHSA-2004-546.html http://www.trustix.net/errata/2004/0053/ XForce ISS Database: cyrus-sasl-saslpath(17643) https://exchange.xforce.ibmcloud.com/vulnerabilities/17643
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com