Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200604-02 (horde)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56556

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200604-02 (horde)

Resumen: The remote host is missing updates announced in;advisory GLSA 200604-02.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200604-02.

Vulnerability Insight:
The help viewer of the Horde Framework allows attackers to execute
arbitrary remote code.

Solution:
All Horde Application Framework users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/horde-3.1.1'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-1260
BugTraq ID: 17117
http://www.securityfocus.com/bid/17117
Bugtraq: 20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior (Google Search)
http://www.securityfocus.com/archive/1/427710/100/0/threaded
Debian Security Information: DSA-1033 (Google Search)
http://www.debian.org/security/2006/dsa-1033
Debian Security Information: DSA-1034 (Google Search)
http://www.debian.org/security/2006/dsa-1034
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html
http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
http://www.osvdb.org/23918
http://securitytracker.com/id?1015771
http://secunia.com/advisories/19246
http://secunia.com/advisories/19528
http://secunia.com/advisories/19619
http://secunia.com/advisories/19692
http://secunia.com/advisories/19897
http://securityreason.com/securityalert/590
SuSE Security Announcement: SUSE-SR:2006:009 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.vupen.com/english/advisories/2006/0959
XForce ISS Database: horde-servicesgo-information-disclosure(25239)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25239
Common Vulnerability Exposure (CVE) ID: CVE-2006-1491
BugTraq ID: 17292
http://www.securityfocus.com/bid/17292
http://securitytracker.com/id?1015841
http://secunia.com/advisories/19485
http://secunia.com/advisories/19504
SuSE Security Announcement: SUSE-SR:2006:007 (Google Search)
http://www.novell.com/linux/security/advisories/2006_07_sr.html
http://www.attrition.org/pipermail/vim/2006-March/000671.html
http://www.vupen.com/english/advisories/2006/1154
XForce ISS Database: horde-help-viewer-command-execution(25516)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25516

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56556
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200604-02 (horde)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200604-02.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200604-02. Vulnerability Insight: The help viewer of the Horde Framework allows attackers to execute arbitrary remote code. Solution: All Horde Application Framework users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/horde-3.1.1' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1260 BugTraq ID: 17117 http://www.securityfocus.com/bid/17117 Bugtraq: 20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior (Google Search) http://www.securityfocus.com/archive/1/427710/100/0/threaded Debian Security Information: DSA-1033 (Google Search) http://www.debian.org/security/2006/dsa-1033 Debian Security Information: DSA-1034 (Google Search) http://www.debian.org/security/2006/dsa-1034 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml http://www.osvdb.org/23918 http://securitytracker.com/id?1015771 http://secunia.com/advisories/19246 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://secunia.com/advisories/19897 http://securityreason.com/securityalert/590 SuSE Security Announcement: SUSE-SR:2006:009 (Google Search) http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.vupen.com/english/advisories/2006/0959 XForce ISS Database: horde-servicesgo-information-disclosure(25239) https://exchange.xforce.ibmcloud.com/vulnerabilities/25239 Common Vulnerability Exposure (CVE) ID: CVE-2006-1491 BugTraq ID: 17292 http://www.securityfocus.com/bid/17292 http://securitytracker.com/id?1015841 http://secunia.com/advisories/19485 http://secunia.com/advisories/19504 SuSE Security Announcement: SUSE-SR:2006:007 (Google Search) http://www.novell.com/linux/security/advisories/2006_07_sr.html http://www.attrition.org/pipermail/vim/2006-March/000671.html http://www.vupen.com/english/advisories/2006/1154 XForce ISS Database: horde-help-viewer-command-execution(25516) https://exchange.xforce.ibmcloud.com/vulnerabilities/25516
Copyright	Copyright (C) 2008 E-Soft Inc.