Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:734

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51454

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:734

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:734.

pam_smb is a PAM module that allows applications to authenticate
against a SMB server (such as Microsoft Windows(TM) or Samba).

A buffer overflow vulnerability has been discovered in the pam_smb
module. An attacker can execute arbitrary code in the context of the
program using the module by supplying a long password. Remote root
access can be gained if remote services such as SSH or FTP are using
the module (which is not enabled by default in any application
distributed with Conectiva Linux).

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0686 to this issue.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:734
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0686
Bugtraq: 20030901 GLSA: pam_smb (200309-01) (Google Search)
http://marc.info/?l=bugtraq&m=106252769930090&w=2
CERT/CC vulnerability note: VU#680260
http://www.kb.cert.org/vuls/id/680260
Conectiva Linux advisory: CLA-2003:734
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734
Debian Security Information: DSA-374 (Google Search)
http://www.debian.org/security/2003/dsa-374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469
http://www.redhat.com/support/errata/RHSA-2003-261.html
http://www.redhat.com/support/errata/RHSA-2003-262.html
http://secunia.com/advisories/9611
SuSE Security Announcement: SuSE-SA:2003:036 (Google Search)
TurboLinux Advisory: TLSA-2003-50
http://www.turbolinux.com/security/TLSA-2003-50.txt

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51454
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:734
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:734. pam_smb is a PAM module that allows applications to authenticate against a SMB server (such as Microsoft Windows(TM) or Samba). A buffer overflow vulnerability has been discovered in the pam_smb module. An attacker can execute arbitrary code in the context of the program using the module by supplying a long password. Remote root access can be gained if remote services such as SSH or FTP are using the module (which is not enabled by default in any application distributed with Conectiva Linux). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0686 to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:734 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0686 Bugtraq: 20030901 GLSA: pam_smb (200309-01) (Google Search) http://marc.info/?l=bugtraq&m=106252769930090&w=2 CERT/CC vulnerability note: VU#680260 http://www.kb.cert.org/vuls/id/680260 Conectiva Linux advisory: CLA-2003:734 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734 Debian Security Information: DSA-374 (Google Search) http://www.debian.org/security/2003/dsa-374 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469 http://www.redhat.com/support/errata/RHSA-2003-261.html http://www.redhat.com/support/errata/RHSA-2003-262.html http://secunia.com/advisories/9611 SuSE Security Announcement: SuSE-SA:2003:036 (Google Search) TurboLinux Advisory: TLSA-2003-50 http://www.turbolinux.com/security/TLSA-2003-50.txt
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com