 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.56063 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2006:0164 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2006:0164. The mod_auth_pgsql package is an httpd module that allows user authentication against information stored in a PostgreSQL database. Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. All users of mod_auth_pgsql should upgrade to these updated packages, which contain a backported patch to resolve this issue. This issue does not affect the mod_auth_pgsql package supplied with Red Hat Enterprise Linux 2.1. Red Hat would like to thank iDefense for reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0164.html Risk factor : Critical CVSS Score: 10.0 |
| Referencia Cruzada: |
BugTraq ID: 16153 Common Vulnerability Exposure (CVE) ID: CVE-2005-3656 http://www.securityfocus.com/bid/16153 Debian Security Information: DSA-935 (Google Search) http://www.debian.de/security/2006/dsa-935 http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367 http://www.mandriva.com/security/advisories?name=MDKSA-2006:009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10600 http://www.redhat.com/support/errata/RHSA-2006-0164.html http://securitytracker.com/id?1015446 http://secunia.com/advisories/18304 http://secunia.com/advisories/18321 http://secunia.com/advisories/18347 http://secunia.com/advisories/18348 http://secunia.com/advisories/18350 http://secunia.com/advisories/18397 http://secunia.com/advisories/18403 http://secunia.com/advisories/18463 http://secunia.com/advisories/18517 SGI Security Advisory: 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://www.trustix.org/errata/2006/0002/ https://usn.ubuntu.com/239-1/ http://www.vupen.com/english/advisories/2006/0070 |
| Copyright | Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |