Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:674

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55527

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:674

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:674.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0448
to this issue.

This update also addresses the following issues:

- -- Perl interpreter caused a segmentation fault when environment
changes occurred during runtime.

- -- Code in lib/FindBin contained a regression that caused problems with
MRTG software package.

- -- Perl incorrectly declared it provides an FCGI interface where it in fact
did not.

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-674.html

Risk factor : Low

CVSS Score:
1.2

Referencia Cruzada: BugTraq ID: 12767
Common Vulnerability Exposure (CVE) ID: CVE-2005-0448
http://www.securityfocus.com/bid/12767
Conectiva Linux advisory: CLSA-2006:1056
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Debian Security Information: DSA-696 (Google Search)
http://www.debian.org/security/2005/dsa-696
http://fedoranews.org/updates/FEDORA--.shtml
http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
HPdes Security Advisory: HPSBUX01208
http://www.securityfocus.com/advisories/8704
HPdes Security Advisory: SSRT5938
http://www.mandriva.com/security/advisories?name=MDKSA-2005:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728
http://www.redhat.com/support/errata/RHSA-2005-674.html
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://secunia.com/advisories/14531
http://secunia.com/advisories/17079
http://secunia.com/advisories/18075
http://secunia.com/advisories/18517
http://secunia.com/advisories/55314
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
https://usn.ubuntu.com/94-1/

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55527
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:674
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:674. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module removed directory trees. If a local user has write permissions to a subdirectory within the tree being removed by File::Path::rmtree, it is possible for them to create setuid binary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0448 to this issue. This update also addresses the following issues: - -- Perl interpreter caused a segmentation fault when environment changes occurred during runtime. - -- Code in lib/FindBin contained a regression that caused problems with MRTG software package. - -- Perl incorrectly declared it provides an FCGI interface where it in fact did not. Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-674.html Risk factor : Low CVSS Score: 1.2
Referencia Cruzada:	BugTraq ID: 12767 Common Vulnerability Exposure (CVE) ID: CVE-2005-0448 http://www.securityfocus.com/bid/12767 Conectiva Linux advisory: CLSA-2006:1056 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 Debian Security Information: DSA-696 (Google Search) http://www.debian.org/security/2005/dsa-696 http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml HPdes Security Advisory: HPSBUX01208 http://www.securityfocus.com/advisories/8704 HPdes Security Advisory: SSRT5938 http://www.mandriva.com/security/advisories?name=MDKSA-2005:079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728 http://www.redhat.com/support/errata/RHSA-2005-674.html http://www.redhat.com/support/errata/RHSA-2005-881.html http://secunia.com/advisories/14531 http://secunia.com/advisories/17079 http://secunia.com/advisories/18075 http://secunia.com/advisories/18517 http://secunia.com/advisories/55314 SGI Security Advisory: 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U https://usn.ubuntu.com/94-1/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com