FreeBSD Local Security Checks : FreeBSD Ports: gld

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52130

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: gld

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: gld

CVE-2005-1099
Multiple buffer overflows in the HandleChild function in server.c in
Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a
network interface, allow remote attackers to execute arbitrary code.

CVE-2005-1100
Format string vulnerability in the ErrorLog function in cnf.c in
Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to
execute arbitrary code via format string specifiers in data that is
passed directly to syslog.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1099
Bugtraq: 20050412 GLD (Greylisting daemon for Postfix) multiple vulnerabilities. (Google Search)
http://marc.info/?l=bugtraq&m=111339935903880&w=2
Bugtraq: 20050413 Gld 1.5 released (security fix) (Google Search)
http://marc.info/?l=bugtraq&m=111342432325670&w=2
http://security.gentoo.org/glsa/glsa-200504-10.xml
http://www.osvdb.org/15492
http://securitytracker.com/alerts/2005/Apr/1013678.html
http://secunia.com/advisories/14941
XForce ISS Database: gld-serverc-bo(20066)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20066
Common Vulnerability Exposure (CVE) ID: CVE-2005-1100
http://www.osvdb.org/15493
XForce ISS Database: gld-cnfc-format-string(20067)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20067

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52130
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: gld
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: gld CVE-2005-1099 Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. CVE-2005-1100 Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1099 Bugtraq: 20050412 GLD (Greylisting daemon for Postfix) multiple vulnerabilities. (Google Search) http://marc.info/?l=bugtraq&m=111339935903880&w=2 Bugtraq: 20050413 Gld 1.5 released (security fix) (Google Search) http://marc.info/?l=bugtraq&m=111342432325670&w=2 http://security.gentoo.org/glsa/glsa-200504-10.xml http://www.osvdb.org/15492 http://securitytracker.com/alerts/2005/Apr/1013678.html http://secunia.com/advisories/14941 XForce ISS Database: gld-serverc-bo(20066) https://exchange.xforce.ibmcloud.com/vulnerabilities/20066 Common Vulnerability Exposure (CVE) ID: CVE-2005-1100 http://www.osvdb.org/15493 XForce ISS Database: gld-cnfc-format-string(20067) https://exchange.xforce.ibmcloud.com/vulnerabilities/20067
Copyright	Copyright (C) 2008 E-Soft Inc.