ID de Prueba:	1.3.6.1.4.1.25623.1.0.57242
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0612
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0612. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found where some bundled Kerberos-aware applications would fail to check the result of the setuid() call. On Linux 2.6 kernels, the setuid() call can fail if certain user limits are hit. A local attacker could manipulate their environment in such a way to get the applications to continue to run as root, potentially leading to an escalation of privileges. (CVE-2006-3083). Users are advised to update to these erratum packages which contain a backported fix to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0612.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3083 BugTraq ID: 19427 http://www.securityfocus.com/bid/19427 Bugtraq: 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/442599/100/0/threaded Bugtraq: 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/443498/100/100/threaded CERT/CC vulnerability note: VU#580124 http://www.kb.cert.org/vuls/id/580124 Debian Security Information: DSA-1146 (Google Search) http://www.debian.org/security/2006/dsa-1146 http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml http://security.gentoo.org/glsa/glsa-200608-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 http://www.osvdb.org/27869 http://www.osvdb.org/27870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515 http://www.redhat.com/support/errata/RHSA-2006-0612.html http://securitytracker.com/id?1016664 http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http://secunia.com/advisories/22291 SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html SuSE Security Announcement: SUSE-SR:2006:022 (Google Search) http://www.novell.com/linux/security/advisories/2006_22_sr.html http://www.ubuntu.com/usn/usn-334-1 http://www.vupen.com/english/advisories/2006/3225
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.