 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.57034 |
| Categoría: | Slackware Local Security Checks |
| Título: | Slackware: Security Advisory (SSA:2006-178-03) |
| Resumen: | The remote host is missing an update for the 'arts' package(s) announced via the SSA:2006-178-03 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'arts' package(s) announced via the SSA:2006-178-03 advisory. Vulnerability Insight: New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it's at least worth warning about. It's far safer to just add users to the audio group. The official KDE security advisory may be found here: [link moved to references] More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/arts-1.4.2-i486-2_slack10.2.tgz: Patched to fix a possible exploit if artswrapper is setuid root (which, by default, it is not) and the system is running a 2.6 kernel. Systems running 2.4 kernels are not affected. The official KDE security advisory may be found here: [link moved to references] The CVE entry for this issue may be found here: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'arts' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-2916 BugTraq ID: 18429 http://www.securityfocus.com/bid/18429 BugTraq ID: 23697 http://www.securityfocus.com/bid/23697 Bugtraq: 20060615 rPSA-2006-0105-1 arts (Google Search) http://www.securityfocus.com/archive/1/437362/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml http://security.gentoo.org/glsa/glsa-200704-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:107 http://mail.gnome.org/archives/beast/2006-December/msg00025.html http://www.osvdb.org/26506 http://securitytracker.com/id?1016298 http://secunia.com/advisories/20677 http://secunia.com/advisories/20786 http://secunia.com/advisories/20827 http://secunia.com/advisories/20868 http://secunia.com/advisories/20899 http://secunia.com/advisories/25032 http://secunia.com/advisories/25059 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256 SuSE Security Announcement: SUSE-SR:2006:015 (Google Search) http://www.novell.com/linux/security/advisories/2006_38_security.html http://www.vupen.com/english/advisories/2006/2357 http://www.vupen.com/english/advisories/2007/0409 XForce ISS Database: arts-artwrapper-privilege-escalation(27221) https://exchange.xforce.ibmcloud.com/vulnerabilities/27221 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |