Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:755

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55134

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:755

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:755.

Elm is a terminal mode email client.

A buffer overflow flaw in Elm was discovered that was triggered by viewing
a mailbox containing a message with a carefully crafted 'Expires' header.
An attacker could create a malicious message that would execute arbitrary
code with the privileges of the user who received it. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-2665 to this issue.

Users of Elm should update to this updated package, which contains a
backported patch that corrects this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-755.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 15117
BugTraq ID: 14613
Common Vulnerability Exposure (CVE) ID: CVE-2005-2665
1014745
http://securitytracker.com/id?1014745
14613
http://www.securityfocus.com/bid/14613
15117
http://www.securityfocus.com/bid/15117
16508
http://secunia.com/advisories/16508
16554
http://secunia.com/advisories/16554
17475
http://secunia.com/advisories/17475
20050820 [RETRO AUDITING] Elm remote buffer overflow in Expires header
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
20050822 ELM < 2.5.8 Remote Exploit POC
http://marc.info/?l=bugtraq&m=112472951529964&w=2
GLSA-200510-15
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml
MDKSA-2005:186
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186
RHSA-2005:755
http://www.redhat.com/support/errata/RHSA-2005-755.html
SA-2005.47
http://www.securityfocus.com/advisories/9670
SSA:2005-310-03
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056
SSA:2005-311
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.419306

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55134
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:755
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:755. Elm is a terminal mode email client. A buffer overflow flaw in Elm was discovered that was triggered by viewing a mailbox containing a message with a carefully crafted 'Expires' header. An attacker could create a malicious message that would execute arbitrary code with the privileges of the user who received it. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2665 to this issue. Users of Elm should update to this updated package, which contains a backported patch that corrects this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-755.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 15117 BugTraq ID: 14613 Common Vulnerability Exposure (CVE) ID: CVE-2005-2665 1014745 http://securitytracker.com/id?1014745 14613 http://www.securityfocus.com/bid/14613 15117 http://www.securityfocus.com/bid/15117 16508 http://secunia.com/advisories/16508 16554 http://secunia.com/advisories/16554 17475 http://secunia.com/advisories/17475 20050820 [RETRO AUDITING] Elm remote buffer overflow in Expires header http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html 20050822 ELM < 2.5.8 Remote Exploit POC http://marc.info/?l=bugtraq&m=112472951529964&w=2 GLSA-200510-15 http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml MDKSA-2005:186 http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 RHSA-2005:755 http://www.redhat.com/support/errata/RHSA-2005-755.html SA-2005.47 http://www.securityfocus.com/advisories/9670 SSA:2005-310-03 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 SSA:2005-311 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.419306
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com