Test ID: 1.3.6.1.4.1.25623.1.0.57875
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200608-25 (xorg-x11, xorg-server, xtrans, xload, xinit, xterm, xf86dga, xdm, libX11)
Summary: The remote host is missing updates announced in advisory GLSA 200608-25.
Description:
Summary:
The remote host is missing updates announced in
advisory GLSA 200608-25.

Vulnerability Insight:
X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
to local privilege escalations because of unchecked setuid() calls.

Solution:
All X.Org xdm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xdm-1.0.4-r1'

All X.Org xinit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.0.2-r6'

All X.Org xload users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xload-1.0.1-r1'

All X.Org xf86dga users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xf86dga-1.0.1-r1'

All X.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-x11-6.9.0-r2'

All X.Org X servers users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.1.0-r1'

All X.Org X11 library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/libx11-1.0.1-r1'

All X.Org xtrans library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/xtrans-1.0.1-r1'

All xterm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-terms/xterm-215'

All users of the X11R6 libraries for emulation of 32bit x86 on amd64
should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-xlibs-7.0-r2'

Please note that the fixed packages have been available for most
architectures since June 30th but the GLSA release was held up waiting for
the remaining architectures.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-4447
BugTraq ID: 19742
http://www.securityfocus.com/bid/19742
BugTraq ID: 23697
http://www.securityfocus.com/bid/23697
CERT/CC vulnerability note: VU#300368
http://www.kb.cert.org/vuls/id/300368
Debian Security Information: DSA-1193
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200608-25.xml
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
http://secunia.com/advisories/21650
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://secunia.com/advisories/22332
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://www.vupen.com/english/advisories/2006/3409
http://www.vupen.com/english/advisories/2007/0409
Copyright: Copyright (C) 2008 E-Soft Inc.
