ID de Prueba:	1.3.6.1.4.1.25623.1.0.60713
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0159
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0159. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Havoc Pennington discovered a flaw in the way the dbus-daemon applies its security policy. A user with the ability to connect to the dbus-daemon may be able to execute certain method calls they should normally not have permission to access. (CVE-2008-0595) Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that would allow a user to leverage this flaw to elevate their privileges. This flaw does not affect the version of D-Bus shipped in Red Hat Enterprise Linux 4. All users are advised to upgrade to these updated dbus packages, which contain a backported patch and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0159.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0595 BugTraq ID: 28023 http://www.securityfocus.com/bid/28023 Bugtraq: 20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11 (Google Search) http://www.securityfocus.com/archive/1/489280/100/0/threaded Debian Security Information: DSA-1599 (Google Search) http://www.debian.org/security/2008/dsa-1599 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:054 http://lists.freedesktop.org/archives/dbus/2008-February/009401.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353 http://www.redhat.com/support/errata/RHSA-2008-0159.html http://securitytracker.com/id?1019512 http://secunia.com/advisories/29148 http://secunia.com/advisories/29160 http://secunia.com/advisories/29171 http://secunia.com/advisories/29173 http://secunia.com/advisories/29281 http://secunia.com/advisories/29323 http://secunia.com/advisories/30869 http://secunia.com/advisories/32281 SuSE Security Announcement: SUSE-SR:2008:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html SuSE Security Announcement: openSUSE-SU-2012:1418 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html http://www.ubuntu.com/usn/usn-653-1 http://www.vupen.com/english/advisories/2008/0694
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.