ID de Prueba:	1.3.6.1.4.1.25623.1.0.58241
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0276
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0276. The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, as well as programs for managing user and group accounts. A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. This could allow a local attacker to read or modify the mailbox. (CVE-2006-1174) This update also fixes the following bugs: * shadow-utils debuginfo package was empty. * faillog was unusable on 64-bit systems. It checked every UID from 0 to the max UID, which was an excessively large number on 64-bit systems. * typo bug in login.defs file All users of shadow-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0276.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 3.7
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1174 BugTraq ID: 18111 http://www.securityfocus.com/bid/18111 Bugtraq: 20070511 rPSA-2007-0096-1 shadow (Google Search) http://www.securityfocus.com/archive/1/468336/100/0/threaded CERT/CC vulnerability note: VU#312692 http://www.kb.cert.org/vuls/id/312692 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807 http://www.redhat.com/support/errata/RHSA-2007-0276.html http://www.redhat.com/support/errata/RHSA-2007-0431.html http://www.securitytracker.com/id?1018221 http://secunia.com/advisories/20370 http://secunia.com/advisories/20506 http://secunia.com/advisories/25098 http://secunia.com/advisories/25267 http://secunia.com/advisories/25629 http://secunia.com/advisories/25894 http://secunia.com/advisories/25896 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.vupen.com/english/advisories/2006/2006 http://www.vupen.com/english/advisories/2007/3229 XForce ISS Database: shadow-utils-useradd-file-permission(26958) https://exchange.xforce.ibmcloud.com/vulnerabilities/26958
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.