Test ID: 1.3.6.1.4.1.25623.1.0.55735
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:805
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:805.

PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set an authentication policy without
having to recompile programs that handle authentication.

A bug was found in the way PAM's unix_chkpwd helper program validates user
passwords when SELinux is enabled. Under normal circumstances, it is not
possible for a local non-root user to verify the password of another local
user with the unix_chkpwd command. A patch applied that adds SELinux
functionality makes it possible for a local user to use brute force
password guessing techniques against other local user accounts. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-2977 to
this issue.

All users of pam should upgrade to this updated package, which contains
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-805.html

Risk factor : Medium

CVSS Score: 2.1

Cross Reference: BugTraq ID: 15217
Common Vulnerability Exposure (CVE) ID: CVE-2005-2977
1015111 http://securitytracker.com/id?1015111
15217 http://www.securityfocus.com/bid/15217
17346 http://secunia.com/advisories/17346
17350 http://secunia.com/advisories/17350
17352 http://secunia.com/advisories/17352
17365 http://secunia.com/advisories/17365
ADV-2005-2227 http://www.vupen.com/english/advisories/2005/2227
GLSA-200510-22 http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml
RHSA-2005:805 http://www.redhat.com/support/errata/RHSA-2005-805.html
http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markup
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181
oval:org.mitre.oval:def:10193 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
