Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0179

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56083

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0179

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0179.

The auth_ldap package is an httpd module that allows user authentication
against information stored in an LDAP database.

A format string flaw was found in the way auth_ldap logs information. It
may be possible for a remote attacker to execute arbitrary code as the
'apache' user if auth_ldap is used for user authentication. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0150
to this issue.

Note that this issue only affects servers that have auth_ldap installed and
configured to perform user authentication against an LDAP database.

All users of auth_ldap should upgrade to this updated package, which
contains a backported patch to resolve this issue.

This issue does not affect the Red Hat Enterprise Linux 3 or 4
distributions as they do not include the auth_ldap package.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0179.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 16177
Common Vulnerability Exposure (CVE) ID: CVE-2006-0150
http://www.securityfocus.com/bid/16177
Bugtraq: 20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/421286/100/0/threaded
Debian Security Information: DSA-952 (Google Search)
http://www.debian.org/security/2006/dsa-952
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017
http://www.digitalarmaments.com/2006090173928420.html
http://www.redhat.com/support/errata/RHSA-2006-0179.html
http://securitytracker.com/id?1015456
http://secunia.com/advisories/18382
http://secunia.com/advisories/18405
http://secunia.com/advisories/18412
http://secunia.com/advisories/18568
http://www.vupen.com/english/advisories/2006/0117
XForce ISS Database: apache-authldap-format-string(24030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24030

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56083
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0179
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0179. The auth_ldap package is an httpd module that allows user authentication against information stored in an LDAP database. A format string flaw was found in the way auth_ldap logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if auth_ldap is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0150 to this issue. Note that this issue only affects servers that have auth_ldap installed and configured to perform user authentication against an LDAP database. All users of auth_ldap should upgrade to this updated package, which contains a backported patch to resolve this issue. This issue does not affect the Red Hat Enterprise Linux 3 or 4 distributions as they do not include the auth_ldap package. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0179.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 16177 Common Vulnerability Exposure (CVE) ID: CVE-2006-0150 http://www.securityfocus.com/bid/16177 Bugtraq: 20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability (Google Search) http://www.securityfocus.com/archive/1/421286/100/0/threaded Debian Security Information: DSA-952 (Google Search) http://www.debian.org/security/2006/dsa-952 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017 http://www.digitalarmaments.com/2006090173928420.html http://www.redhat.com/support/errata/RHSA-2006-0179.html http://securitytracker.com/id?1015456 http://secunia.com/advisories/18382 http://secunia.com/advisories/18405 http://secunia.com/advisories/18412 http://secunia.com/advisories/18568 http://www.vupen.com/english/advisories/2006/0117 XForce ISS Database: apache-authldap-format-string(24030) https://exchange.xforce.ibmcloud.com/vulnerabilities/24030
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com