 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.51635 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2005:025 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2005:025. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow was discovered in the spa_base64_to_bits function in Exim, as originally obtained from Samba code. If SPA authentication is enabled, a remote attacker may be able to exploit this vulnerability to execute arbitrary code as the 'exim' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0022 to this issue. Please note that SPA authentication is not enabled by default in Red Hat Enterprise Linux 4. Buffer overflow flaws were discovered in the host_aton and dns_build_reverse functions in Exim. A local user can trigger these flaws by executing exim with carefully crafted command line arguments and may be able to gain the privileges of the 'exim' account. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0021 to this issue. Users of Exim are advised to update to these erratum packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-025.html http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0022 Risk factor : High CVSS Score: 7.2 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0021 CERT/CC vulnerability note: VU#132992 http://www.kb.cert.org/vuls/id/132992 Debian Security Information: DSA-635 (Google Search) http://www.debian.org/security/2005/dsa-635 Debian Security Information: DSA-637 (Google Search) http://www.debian.org/security/2005/dsa-637 http://security.gentoo.org/glsa/glsa-200501-23.xml http://www.idefense.com/application/poi/display?id=179&type=vulnerabilities http://www.idefense.com/application/poi/display?id=183&type=vulnerabilities http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10347 http://www.redhat.com/support/errata/RHSA-2005-025.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0022 BugTraq ID: 12188 http://www.securityfocus.com/bid/12188 Bugtraq: 20050212 exim auth_spa_server() PoC exploit (Google Search) http://marc.info/?l=bugtraq&m=110824870908614&w=2 http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11293 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |