 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.52649 |
| Categoría: | FreeBSD Local Security Checks |
| Título: | FreeBSD Security Advisory (FreeBSD-SA-04:07.cvs.asc) |
| Resumen: | The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:07.cvs.asc |
| Descripción: | Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:07.cvs.asc Vulnerability Insight: The Concurrent Versions System (CVS) is a version control system. It may be used to access a repository locally, or to access a `remote repository' using a number of different methods. When accessing a remote repository, the target machine runs the CVS server to fulfill client requests. Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, CVE-2004-0180, the CVS client accepts absolute path names from the server when determining which files to update. In another case, CVE-2004-0405, the CVS server accepts relative path names from the client when determining which files to transmit, including those containing references to parent directories (`../'). Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0180 Debian Security Information: DSA-486 (Google Search) http://www.debian.org/security/2004/dsa-486 http://marc.info/?l=bugtraq&m=108636445031613&w=2 FreeBSD Security Advisory: FreeBSD-SA-04:07 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc http://security.gentoo.org/glsa/glsa-200404-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462 http://www.redhat.com/support/errata/RHSA-2004-153.html http://www.redhat.com/support/errata/RHSA-2004-154.html http://secunia.com/advisories/11368 http://secunia.com/advisories/11371 http://secunia.com/advisories/11374 http://secunia.com/advisories/11375 http://secunia.com/advisories/11377 http://secunia.com/advisories/11380 http://secunia.com/advisories/11391 http://secunia.com/advisories/11400 http://secunia.com/advisories/11405 http://secunia.com/advisories/11548 SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 SuSE Security Announcement: SuSE-SA:2004:008 (Google Search) XForce ISS Database: cvs-rcs-create-files(15864) https://exchange.xforce.ibmcloud.com/vulnerabilities/15864 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |