Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:894

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51384

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:894

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:894.

shadow-utils[1] is a collection of utilities for managing shadow
password files and user/group accounts.

Martin Schulze reported a vulnerability[2] in the passwd_check()
function in libmisc/pwdcheck.c which is used by chfn and chsh and
thus may allow a local attacker to use them to change the standard
shell of other users or modify their GECOS information (full name,
phone number...).

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://shadow.pld.org.pl/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:894
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1001
Conectiva Linux advisory: CLA-2004:894
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894
Debian Security Information: DSA-585 (Google Search)
http://www.debian.org/security/2004/dsa-585
http://secunia.com/advisories/13028
XForce ISS Database: shadow-pwdcheck-modify-account(17902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17902

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51384
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:894
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:894. shadow-utils[1] is a collection of utilities for managing shadow password files and user/group accounts. Martin Schulze reported a vulnerability[2] in the passwd_check() function in libmisc/pwdcheck.c which is used by chfn and chsh and thus may allow a local attacker to use them to change the standard shell of other users or modify their GECOS information (full name, phone number...). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://shadow.pld.org.pl/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:894 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1001 Conectiva Linux advisory: CLA-2004:894 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894 Debian Security Information: DSA-585 (Google Search) http://www.debian.org/security/2004/dsa-585 http://secunia.com/advisories/13028 XForce ISS Database: shadow-pwdcheck-modify-account(17902) https://exchange.xforce.ibmcloud.com/vulnerabilities/17902
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com