ID de Prueba:	1.3.6.1.4.1.25623.1.0.55568
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:782
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:782. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The mount package contains the mount, umount, swapon and swapoff programs. A bug was found in the way the umount command is executed by normal users. It may be possible for a user to gain elevated privileges if the user is able to execute the umount -r command on a mounted file system. The file system will be re-mounted only with the readonly flag set, clearing flags such as nosuid and noexec. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2876 to this issue. This update also fixes a hardlink bug in the script command for Red Hat Enterprise Linux 2.1. If a local user places a hardlinked file named typescript in a directory they have write access to, the file will be overwritten if the user running script has write permissions to the destination file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2001-1494 to this issue. All users of util-linux and mount should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-782.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2876 101960 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1 14816 http://www.securityfocus.com/bid/14816 16785 http://secunia.com/advisories/16785 16988 http://secunia.com/advisories/16988 17004 http://secunia.com/advisories/17004 17027 http://secunia.com/advisories/17027 17133 http://secunia.com/advisories/17133 17154 http://secunia.com/advisories/17154 18502 http://secunia.com/advisories/18502 19369 http://www.osvdb.org/19369 2005-0049 http://marc.info/?l=bugtraq&m=112690609622266&w=2 20050912 util-linux: unintentional grant of privileges by umount http://marc.info/?l=bugtraq&m=112656096125857&w=2 DSA-823 http://www.debian.org/security/2005/dsa-823 DSA-825 http://www.debian.org/security/2005/dsa-825 FLSA:168326 http://www.securityfocus.com/archive/1/419774/100/0/threaded SUSE-SR:2005:021 http://www.novell.com/linux/security/advisories/2005_21_sr.html USN-184 http://www.ubuntu.com/usn/usn-184-1 http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm oval:org.mitre.oval:def:10921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921 utillinux-umount-gain-privileges(22241) https://exchange.xforce.ibmcloud.com/vulnerabilities/22241 Common Vulnerability Exposure (CVE) ID: CVE-2001-1494 BugTraq ID: 16280 http://www.securityfocus.com/bid/16280 Bugtraq: 20011212 Silly 'script' hardlink bug (Google Search) http://seclists.org/bugtraq/2001/Dec/0123.html Bugtraq: 20011213 Silly 'script' hardlink bug - fixed (Google Search) http://seclists.org/bugtraq/2001/Dec/0122.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 http://www.redhat.com/support/errata/RHSA-2005-782.html XForce ISS Database: util-linux-script-hardlink(7718) https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.