Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200702-10 (ufo2000)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58057

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200702-10 (ufo2000)

Resumen: The remote host is missing updates announced in;advisory GLSA 200702-10.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200702-10.

Vulnerability Insight:
Multiple vulnerabilities have been found in the network components of
UFO2000 that could result in the remote execution of arbitrary code.

Solution:
UFO2000 currently depends on the dumb-0.9.2 library, which has been removed
from portage due to security problems (GLSA 200608-14). Because of this,
UFO2000 has been masked, and we recommend unmerging the package until the
next beta release can remove the dependency on dumb.

# emerge --ask --verbose --unmerge ufo2000

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-3788
Bugtraq: 20060716 Multiple vulnerabilities in UFO2000 svn 1057 (Google Search)
http://www.securityfocus.com/archive/1/440293/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml
http://aluigi.altervista.org/adv/ufo2ko-adv.txt
http://securitytracker.com/id?1016503
http://secunia.com/advisories/21091
http://secunia.com/advisories/24297
http://securityreason.com/securityalert/1259
http://www.vupen.com/english/advisories/2006/2837
XForce ISS Database: ufo2000-recvaddunit-bo(27798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27798
Common Vulnerability Exposure (CVE) ID: CVE-2006-3789
BugTraq ID: 19035
http://www.securityfocus.com/bid/19035
XForce ISS Database: ufo2000-data-code-execution(27802)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27802
Common Vulnerability Exposure (CVE) ID: CVE-2006-3790
XForce ISS Database: ufo2000-decodestringmap-dos(27800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27800
Common Vulnerability Exposure (CVE) ID: CVE-2006-3791
Common Vulnerability Exposure (CVE) ID: CVE-2006-3792
BugTraq ID: 19028
http://www.securityfocus.com/bid/19028
XForce ISS Database: ufo2000-serverprotocol-sql-injection(27816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27816

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58057
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200702-10 (ufo2000)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200702-10.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200702-10. Vulnerability Insight: Multiple vulnerabilities have been found in the network components of UFO2000 that could result in the remote execution of arbitrary code. Solution: UFO2000 currently depends on the dumb-0.9.2 library, which has been removed from portage due to security problems (GLSA 200608-14). Because of this, UFO2000 has been masked, and we recommend unmerging the package until the next beta release can remove the dependency on dumb. # emerge --ask --verbose --unmerge ufo2000 CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3788 Bugtraq: 20060716 Multiple vulnerabilities in UFO2000 svn 1057 (Google Search) http://www.securityfocus.com/archive/1/440293/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml http://aluigi.altervista.org/adv/ufo2ko-adv.txt http://securitytracker.com/id?1016503 http://secunia.com/advisories/21091 http://secunia.com/advisories/24297 http://securityreason.com/securityalert/1259 http://www.vupen.com/english/advisories/2006/2837 XForce ISS Database: ufo2000-recvaddunit-bo(27798) https://exchange.xforce.ibmcloud.com/vulnerabilities/27798 Common Vulnerability Exposure (CVE) ID: CVE-2006-3789 BugTraq ID: 19035 http://www.securityfocus.com/bid/19035 XForce ISS Database: ufo2000-data-code-execution(27802) https://exchange.xforce.ibmcloud.com/vulnerabilities/27802 Common Vulnerability Exposure (CVE) ID: CVE-2006-3790 XForce ISS Database: ufo2000-decodestringmap-dos(27800) https://exchange.xforce.ibmcloud.com/vulnerabilities/27800 Common Vulnerability Exposure (CVE) ID: CVE-2006-3791 Common Vulnerability Exposure (CVE) ID: CVE-2006-3792 BugTraq ID: 19028 http://www.securityfocus.com/bid/19028 XForce ISS Database: ufo2000-serverprotocol-sql-injection(27816) https://exchange.xforce.ibmcloud.com/vulnerabilities/27816
Copyright	Copyright (C) 2008 E-Soft Inc.