ID de Prueba:	1.3.6.1.4.1.25623.1.0.56428
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0264
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0264. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0058 to this issue. By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be able to be remotely exploited by this vulnerability. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0264.html http://www.kb.cert.org/vuls/id/834865 Risk factor : High CVSS Score: 7.6
Referencia Cruzada:	BugTraq ID: 17192 Common Vulnerability Exposure (CVE) ID: CVE-2006-0058 AIX APAR: IY82992 http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only AIX APAR: IY82993 http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only AIX APAR: IY82994 http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only http://www.securityfocus.com/bid/17192 Bugtraq: 20060322 sendmail vuln advisories (CVE-2006-0058) (Google Search) http://www.securityfocus.com/archive/1/428536/100/0/threaded Cert/CC Advisory: TA06-081A http://www.us-cert.gov/cas/techalerts/TA06-081A.html CERT/CC vulnerability note: VU#834865 http://www.kb.cert.org/vuls/id/834865 Computer Incident Advisory Center Bulletin: Q-151 http://www.ciac.org/ciac/bulletins/q-151.shtml Debian Security Information: DSA-1015 (Google Search) http://www.debian.org/security/2006/dsa-1015 http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html http://www.securityfocus.com/archive/1/428656/100/0/threaded FreeBSD Security Advisory: FreeBSD-SA-06:13 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml HPdes Security Advisory: HPSBTU02116 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HPdes Security Advisory: HPSBUX02108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555 HPdes Security Advisory: SSRT061133 HPdes Security Advisory: SSRT061135 ISS Security Advisory: 20060322 Sendmail Remote Signal Handling Vulnerability http://www.iss.net/threats/216.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:058 NETBSD Security Advisory: NetBSD-SA2006-010 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc OpenBSD Security Advisory: [3.8] 006: SECURITY FIX: March 25, 2006 http://www.openbsd.org/errata38.html#sendmail http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html http://www.osvdb.org/24037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689 http://www.redhat.com/support/errata/RHSA-2006-0264.html http://www.redhat.com/support/errata/RHSA-2006-0265.html SCO Security Bulletin: SCOSA-2006.24 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt http://securitytracker.com/id?1015801 http://secunia.com/advisories/19342 http://secunia.com/advisories/19345 http://secunia.com/advisories/19346 http://secunia.com/advisories/19349 http://secunia.com/advisories/19356 http://secunia.com/advisories/19360 http://secunia.com/advisories/19361 http://secunia.com/advisories/19363 http://secunia.com/advisories/19367 http://secunia.com/advisories/19368 http://secunia.com/advisories/19394 http://secunia.com/advisories/19404 http://secunia.com/advisories/19407 http://secunia.com/advisories/19450 http://secunia.com/advisories/19466 http://secunia.com/advisories/19532 http://secunia.com/advisories/19533 http://secunia.com/advisories/19676 http://secunia.com/advisories/19774 http://secunia.com/advisories/20243 http://secunia.com/advisories/20723 SGI Security Advisory: 20060302-01-P ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600 http://securityreason.com/securityalert/612 http://securityreason.com/securityalert/743 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1 SuSE Security Announcement: SUSE-SA:2006:017 (Google Search) http://www.novell.com/linux/security/advisories/2006_17_sendmail.html http://www.vupen.com/english/advisories/2006/1049 http://www.vupen.com/english/advisories/2006/1051 http://www.vupen.com/english/advisories/2006/1068 http://www.vupen.com/english/advisories/2006/1072 http://www.vupen.com/english/advisories/2006/1139 http://www.vupen.com/english/advisories/2006/1157 http://www.vupen.com/english/advisories/2006/1529 http://www.vupen.com/english/advisories/2006/2189 http://www.vupen.com/english/advisories/2006/2490 XForce ISS Database: smtp-timeout-bo(24584) https://exchange.xforce.ibmcloud.com/vulnerabilities/24584
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.