Test ID: | 1.3.6.1.4.1.25623.1.0.51808 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2005:217 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory RHSA-2005:217.

Midnight Commander (mc) is a visual shell, much like a file manager.

Several format string bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1004 to this issue.

Several buffer overflow bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted file or path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1005 to this issue.

A buffer underflow bug was found in Midnight Commander. If a malicious local user is able to modify the extfs.ini file, it could be possible to execute arbitrary code as a user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1176 to this issue.

Users of mc should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

http://rhn.redhat.com/errata/RHSA-2005-217.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261

Risk factor: High
CVSS Score: 7.5 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1004
Debian Security Information: DSA-639
http://www.debian.org/security/2005/dsa-639
http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml
http://www.redhat.com/support/errata/RHSA-2005-217.html
http://secunia.com/advisories/13863/
XForce ISS Database: midnightcommander-format-string(18902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18902

Common Vulnerability Exposure (CVE) ID: CVE-2004-1005
XForce ISS Database: midnight-commander-bo(18898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18898

Common Vulnerability Exposure (CVE) ID: CVE-2004-1176
http://securitytracker.com/id?1012903
http://secunia.com/advisories/13863
XForce ISS Database: midnight-commander-extfs-dos(18911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18911

Common Vulnerability Exposure (CVE) ID: CVE-2005-1176
AIX APAR: IY70032
http://www-1.ibm.com/support/search.wss?rs=0&q=IY70032&apar=only
AIX APAR: IY70034
http://www-1.ibm.com/support/search.wss?rs=0&q=IY70034&apar=only
XForce ISS Database: aix-jfs2-race-condition(20604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20604 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |