Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:256

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52712

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:256

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:256.

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

It was discovered that the use of LD_DEBUG, LD_SHOW_AUXV, and
LD_DYNAMIC_WEAK were not restricted for a setuid program. A local user
could utilize this flaw to gain information, such as the list of symbols
used by the program. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1453 to this issue.

A number of bug fixes have also been made in the missing update.
For details of these, please visit the referenced security advisory.

All users of glibc should upgrade to these updated packages, which resolve
these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-256.html

Risk factor : Medium

CVSS Score:
2.1

Referencia Cruzada: BugTraq ID: 10963
Common Vulnerability Exposure (CVE) ID: CVE-2004-1453
http://www.securityfocus.com/bid/10963
http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml
http://bugs.gentoo.org/show_bug.cgi?id=59526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10762
http://www.redhat.com/support/errata/RHSA-2005-256.html
http://www.redhat.com/support/errata/RHSA-2005-261.html
http://secunia.com/advisories/12306
XForce ISS Database: glibc-suid-info-disclosure(17006)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17006

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52712
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:256
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:256. The GNU libc packages (known as glibc) contain the standard C libraries used by applications. It was discovered that the use of LD_DEBUG, LD_SHOW_AUXV, and LD_DYNAMIC_WEAK were not restricted for a setuid program. A local user could utilize this flaw to gain information, such as the list of symbols used by the program. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1453 to this issue. A number of bug fixes have also been made in the missing update. For details of these, please visit the referenced security advisory. All users of glibc should upgrade to these updated packages, which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-256.html Risk factor : Medium CVSS Score: 2.1
Referencia Cruzada:	BugTraq ID: 10963 Common Vulnerability Exposure (CVE) ID: CVE-2004-1453 http://www.securityfocus.com/bid/10963 http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml http://bugs.gentoo.org/show_bug.cgi?id=59526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10762 http://www.redhat.com/support/errata/RHSA-2005-256.html http://www.redhat.com/support/errata/RHSA-2005-261.html http://secunia.com/advisories/12306 XForce ISS Database: glibc-suid-info-disclosure(17006) https://exchange.xforce.ibmcloud.com/vulnerabilities/17006
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com