ID de Prueba:	1.3.6.1.4.1.25623.1.0.57051
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu USN-301-1 (kdebase)
Resumen:	Ubuntu USN-301-1 (kdebase)
Descripción:	The remote host is missing an update to kdebase announced via advisory USN-301-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Ludwig Nussel discovered that kdm managed the ~ /.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: kdm 4:3.4.0-0ubuntu18.3 Ubuntu 5.10: kdm 4:3.4.3-0ubuntu7 Ubuntu 6.06 LTS: kdm 4:3.5.2-0ubuntu27 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-301-1 Risk factor : Medium
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2449 Bugtraq: 20060614 [KDE Security Advisory] KDM symlink attack vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/437133/100/0/threaded Bugtraq: 20060615 rPSA-2006-0106-1 kdebase (Google Search) http://www.securityfocus.com/archive/1/archive/1/437322/100/0/threaded Debian Security Information: DSA-1156 (Google Search) http://www.debian.org/security/2006/dsa-1156 http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:105 http://www.mandriva.com/security/advisories?name=MDKSA-2006:106 http://www.redhat.com/support/errata/RHSA-2006-0548.html http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467 SuSE Security Announcement: SUSE-SA:2006:039 (Google Search) http://www.novell.com/linux/security/advisories/2006_39_kdm.html http://www.ubuntulinux.org/support/documentation/usn/usn-301-1 BugTraq ID: 18431 http://www.securityfocus.com/bid/18431 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9844 http://www.vupen.com/english/advisories/2006/2355 http://www.osvdb.org/26511 http://securitytracker.com/id?1016297 http://secunia.com/advisories/20602 http://secunia.com/advisories/20660 http://secunia.com/advisories/20674 http://secunia.com/advisories/20702 http://secunia.com/advisories/20785 http://secunia.com/advisories/20869 http://secunia.com/advisories/20890 http://secunia.com/advisories/21662 XForce ISS Database: kde-kdm-symlink(27181) http://xforce.iss.net/xforce/xfdb/27181
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario Email: Usuario: Contraseña: Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas. Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.     Privacidad

Ingreso de Usuario Registrado   Usuario:     Contraseña:     ¿Olvidó su usuario o contraseña?? Email/ID de Usario: