ID de Prueba:	1.3.6.1.4.1.25623.1.0.53928
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2004-140-01)
Resumen:	The remote host is missing an update for the 'cvs' package(s) announced via the SSA:2004-140-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cvs' package(s) announced via the SSA:2004-140-01 advisory. Vulnerability Insight: New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed May 19 14:16:32 PDT 2004 patches/packages/cvs-1.11.16-i486-1.tgz: Upgraded to cvs-1.11.16. From the NEWS file: A potential buffer overflow vulnerability in the server has been fixed. Prior to this patch, a malicious client could potentially use carefully crafted server requests to run arbitrary programs on the CVS server machine. For more details, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'cvs' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0396 BugTraq ID: 10384 http://www.securityfocus.com/bid/10384 Bugtraq: 20040519 Advisory 07/2004: CVS remote vulnerability (Google Search) http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html http://marc.info/?l=bugtraq&m=108498454829020&w=2 Bugtraq: 20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs) (Google Search) http://marc.info/?l=bugtraq&m=108500040719512&w=2 Cert/CC Advisory: TA04-147A http://www.us-cert.gov/cas/techalerts/TA04-147A.html CERT/CC vulnerability note: VU#192038 http://www.kb.cert.org/vuls/id/192038 Computer Incident Advisory Center Bulletin: O-147 http://www.ciac.org/ciac/bulletins/o-147.shtml Debian Security Information: DSA-505 (Google Search) http://www.debian.org/security/2004/dsa-505 http://marc.info/?l=bugtraq&m=108636445031613&w=2 FreeBSD Security Advisory: FreeBSD-SA-04:10 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html http://security.gentoo.org/glsa/glsa-200405-12.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:048 http://security.e-matters.de/advisories/072004.html NETBSD Security Advisory: NetBSD-SA2004-008 ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc OpenBSD Security Advisory: 20040520 cvs server buffer overflow vulnerability http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2 http://www.osvdb.org/6305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970 http://www.redhat.com/support/errata/RHSA-2004-190.html http://secunia.com/advisories/11641 http://secunia.com/advisories/11647 http://secunia.com/advisories/11651 http://secunia.com/advisories/11652 http://secunia.com/advisories/11674 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865 SuSE Security Announcement: SuSE-SA:2004:013 (Google Search) http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html XForce ISS Database: cvs-entry-line-bo(16193) https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.