ID de Prueba:	1.3.6.1.4.1.25623.1.0.51500
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:463
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:463. UUCP is a Unix to Unix transfer mechanism. It is used primarily for remote sites to download and upload email and news files to local machines. zen-parse found[1] a vulnerability in the command-line argument handling of uucp which could be exploited by a local user to obtain uucp uid/gid. This vulnerability was supposed to be fixed in the CLSA-2001:425 announcement[2], but zen-parse found[3] the used patch was not totally effective. Security precautions were not being enforced for all command line options variants, such as --confi for --config or -c which are synonymous due to the way getopt() works. The upstream uucp author, Ian Lance Taylor, provided a patch to solve this vulnerability. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityfocus.com/archive/1/212892 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425&idioma=en http://www.securityfocus.com/archive/1/251168 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:463 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.