Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:084 (rsync)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60842

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:084 (rsync)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to rsync
announced via advisory MDVSA-2008:084.

Sebastian Krahmer of SUSE discovered that rsync could overflow when
handling ACLs. An attakcer could construct a malicious set of files
that, when processed, could lead to arbitrary code execution or a crash
(CVE-2008-1720).

The updated packages have been patched to correct this issue.

Affected: 2007.0, 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:084

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1720
1019835
http://www.securitytracker.com/id?1019835
28726
http://www.securityfocus.com/bid/28726
29668
http://secunia.com/advisories/29668
29770
http://secunia.com/advisories/29770
29777
http://secunia.com/advisories/29777
29781
http://secunia.com/advisories/29781
29788
http://secunia.com/advisories/29788
29856
http://secunia.com/advisories/29856
29861
http://secunia.com/advisories/29861
44368
http://www.osvdb.org/44368
44369
http://www.osvdb.org/44369
ADV-2008-1191
http://www.vupen.com/english/advisories/2008/1191/references
ADV-2008-1215
http://www.vupen.com/english/advisories/2008/1215/references
DSA-1545
http://www.debian.org/security/2008/dsa-1545
FEDORA-2008-3047
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html
FEDORA-2008-3060
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html
GLSA-200804-16
http://security.gentoo.org/glsa/glsa-200804-16.xml
HPSBMA02447
http://marc.info/?l=bugtraq&m=125017764422557&w=2
MDVSA-2008:084
http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
SSRT090062
SUSE-SR:2008:011
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
USN-600-1
https://usn.ubuntu.com/600-1/
[rsync-announce] 20080408 Rsync 3.0.2 released w/xattr security fix (attn: 2.6.9 onward)
http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html
http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
http://samba.anu.edu.au/rsync/security.html#s3_0_2
http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227
rsync-xattr-bo(41766)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41766

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60842
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:084 (rsync)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to rsync announced via advisory MDVSA-2008:084. Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attakcer could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash (CVE-2008-1720). The updated packages have been patched to correct this issue. Affected: 2007.0, 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:084 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1720 1019835 http://www.securitytracker.com/id?1019835 28726 http://www.securityfocus.com/bid/28726 29668 http://secunia.com/advisories/29668 29770 http://secunia.com/advisories/29770 29777 http://secunia.com/advisories/29777 29781 http://secunia.com/advisories/29781 29788 http://secunia.com/advisories/29788 29856 http://secunia.com/advisories/29856 29861 http://secunia.com/advisories/29861 44368 http://www.osvdb.org/44368 44369 http://www.osvdb.org/44369 ADV-2008-1191 http://www.vupen.com/english/advisories/2008/1191/references ADV-2008-1215 http://www.vupen.com/english/advisories/2008/1215/references DSA-1545 http://www.debian.org/security/2008/dsa-1545 FEDORA-2008-3047 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html FEDORA-2008-3060 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html GLSA-200804-16 http://security.gentoo.org/glsa/glsa-200804-16.xml HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 MDVSA-2008:084 http://www.mandriva.com/security/advisories?name=MDVSA-2008:084 SSRT090062 SUSE-SR:2008:011 http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html USN-600-1 https://usn.ubuntu.com/600-1/ [rsync-announce] 20080408 Rsync 3.0.2 released w/xattr security fix (attn: 2.6.9 onward) http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff http://samba.anu.edu.au/rsync/security.html#s3_0_2 http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227 rsync-xattr-bo(41766) https://exchange.xforce.ibmcloud.com/vulnerabilities/41766
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com