 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.53057 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2005:512 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2005:512. Midnight Commander is a visual shell much like a file manager. Several denial of service bugs were found in Midnight Commander. These bugs could cause Midnight Commander to hang or crash if a victim opens a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1009, CVE-2004-1090, CVE-2004-1091, CVE-2004-1093 and CVE-2004-1174 to these issues. A filename quoting bug was found in Midnight Commander's FISH protocol handler. If a victim connects via embedded SSH support to a host containing a carefully crafted filename, arbitrary code may be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1175 to this issue. A buffer overflow bug was found in the way Midnight Commander handles directory completion. If a victim uses completion on a maliciously crafted directory path, it is possible for arbitrary code to be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0763 to this issue. Users of mc are advised to upgrade to these packages, which contain backported security patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-512.html Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1009 Debian Security Information: DSA-639 (Google Search) http://www.debian.org/security/2005/dsa-639 http://www.redhat.com/support/errata/RHSA-2005-512.html http://secunia.com/advisories/13863/ XForce ISS Database: midnight-commander-dos(18903) https://exchange.xforce.ibmcloud.com/vulnerabilities/18903 Common Vulnerability Exposure (CVE) ID: CVE-2004-1090 XForce ISS Database: midnight-commander-section-dos(18907) https://exchange.xforce.ibmcloud.com/vulnerabilities/18907 Common Vulnerability Exposure (CVE) ID: CVE-2004-1091 http://secunia.com/advisories/13863 XForce ISS Database: midnight-commander-find-dos(18908) https://exchange.xforce.ibmcloud.com/vulnerabilities/18908 Common Vulnerability Exposure (CVE) ID: CVE-2004-1093 XForce ISS Database: midnight-commander-key-dos(18905) https://exchange.xforce.ibmcloud.com/vulnerabilities/18905 Common Vulnerability Exposure (CVE) ID: CVE-2004-1174 http://securitytracker.com/id?1012903 XForce ISS Database: midnight-commander-direntry-dos(18909) https://exchange.xforce.ibmcloud.com/vulnerabilities/18909 Common Vulnerability Exposure (CVE) ID: CVE-2004-1175 XForce ISS Database: midnight-commander-command-execution(18906) https://exchange.xforce.ibmcloud.com/vulnerabilities/18906 Common Vulnerability Exposure (CVE) ID: CVE-2005-0763 Debian Security Information: DSA-698 (Google Search) http://www.debian.org/security/2005/dsa-698 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |