ID de Prueba:	1.3.6.1.4.1.25623.1.0.58912
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0386
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0386. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted Real Name which could execute arbitrary code if a victim uses Mutt and expands the attackers alias. (CVE-2007-2683) All users of mutt should upgrade to this updated package, which contains a backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0386.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 3.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5297 BugTraq ID: 20733 http://www.securityfocus.com/bid/20733 http://www.mandriva.com/security/advisories?name=MDKSA-2006:190 http://marc.info/?l=mutt-dev&m=115999486426292&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601 http://www.redhat.com/support/errata/RHSA-2007-0386.html http://secunia.com/advisories/22613 http://secunia.com/advisories/22640 http://secunia.com/advisories/22685 http://secunia.com/advisories/22686 http://secunia.com/advisories/25529 http://www.trustix.org/errata/2006/0061/ http://www.ubuntu.com/usn/usn-373-1 http://www.vupen.com/english/advisories/2006/4176 Common Vulnerability Exposure (CVE) ID: CVE-2007-1558 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 23257 http://www.securityfocus.com/bid/23257 Bugtraq: 20070402 APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464477/30/0/threaded Bugtraq: 20070403 Re: APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464569/100/0/threaded Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search) http://www.securityfocus.com/archive/1/470172/100/200/threaded Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471455/100/0/threaded Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471720/100/0/threaded Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search) http://www.securityfocus.com/archive/1/471842/100/0/threaded Cert/CC Advisory: TA07-151A http://www.us-cert.gov/cas/techalerts/TA07-151A.html Debian Security Information: DSA-1300 (Google Search) http://www.debian.org/security/2007/dsa-1300 Debian Security Information: DSA-1305 (Google Search) http://www.debian.org/security/2007/dsa-1305 http://security.gentoo.org/glsa/glsa-200706-06.xml HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: HPSBUX02156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 HPdes Security Advisory: SSRT061181 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html http://www.openwall.com/lists/oss-security/2009/08/15/1 http://www.openwall.com/lists/oss-security/2009/08/18/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 http://www.redhat.com/support/errata/RHSA-2007-0344.html http://www.redhat.com/support/errata/RHSA-2007-0353.html http://www.redhat.com/support/errata/RHSA-2007-0385.html http://www.redhat.com/support/errata/RHSA-2007-0401.html http://www.redhat.com/support/errata/RHSA-2007-0402.html http://www.redhat.com/support/errata/RHSA-2009-1140.html http://www.securitytracker.com/id?1018008 http://secunia.com/advisories/25353 http://secunia.com/advisories/25402 http://secunia.com/advisories/25476 http://secunia.com/advisories/25496 http://secunia.com/advisories/25534 http://secunia.com/advisories/25546 http://secunia.com/advisories/25559 http://secunia.com/advisories/25664 http://secunia.com/advisories/25750 http://secunia.com/advisories/25798 http://secunia.com/advisories/25858 http://secunia.com/advisories/25894 http://secunia.com/advisories/26083 http://secunia.com/advisories/26415 http://secunia.com/advisories/35699 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 SuSE Security Announcement: SUSE-SA:2007:036 (Google Search) http://www.novell.com/linux/security/advisories/2007_36_mozilla.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.trustix.org/errata/2007/0019/ http://www.trustix.org/errata/2007/0024/ http://www.ubuntu.com/usn/usn-469-1 http://www.ubuntu.com/usn/usn-520-1 http://www.vupen.com/english/advisories/2007/1466 http://www.vupen.com/english/advisories/2007/1467 http://www.vupen.com/english/advisories/2007/1468 http://www.vupen.com/english/advisories/2007/1480 http://www.vupen.com/english/advisories/2007/1939 http://www.vupen.com/english/advisories/2007/1994 http://www.vupen.com/english/advisories/2007/2788 http://www.vupen.com/english/advisories/2008/0082 Common Vulnerability Exposure (CVE) ID: CVE-2007-2683 BugTraq ID: 24192 http://www.securityfocus.com/bid/24192 http://dev.mutt.org/trac/ticket/2885 http://osvdb.org/34973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543 http://www.securitytracker.com/id?1018066 http://secunia.com/advisories/25408 http://secunia.com/advisories/25515 XForce ISS Database: mutt-gecos-bo(34441) https://exchange.xforce.ibmcloud.com/vulnerabilities/34441
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.