ID de Prueba:	1.3.6.1.4.1.25623.1.0.63997
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2009-134-01)
Resumen:	The remote host is missing an update for the 'cyrus-sasl' package(s) announced via the SSA:2009-134-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cyrus-sasl' package(s) announced via the SSA:2009-134-01 advisory. Vulnerability Insight: New cyrus-sasl packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. A buffer overflow in the sasl_encode64() function could lead to a denial of service or possible execution of arbitrary code. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 12.2 ChangeLog: +--------------------------+ patches/packages/cyrus-sasl-2.1.23-i486-1_slack12.2.tgz: Upgraded to cyrus-sasl-2.1.23. This fixes a buffer overflow in the sasl_encode64() function that could lead to crashes or the execution of arbitrary code. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'cyrus-sasl' package(s) on Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0688 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 34961 http://www.securityfocus.com/bid/34961 Cert/CC Advisory: TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html CERT/CC vulnerability note: VU#238019 http://www.kb.cert.org/vuls/id/238019 Debian Security Information: DSA-1807 (Google Search) http://www.debian.org/security/2009/dsa-1807 http://security.gentoo.org/glsa/glsa-200907-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:113 http://osvdb.org/54514 http://osvdb.org/54515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136 http://www.redhat.com/support/errata/RHSA-2009-1116.html http://www.securitytracker.com/id?1022231 http://secunia.com/advisories/35094 http://secunia.com/advisories/35097 http://secunia.com/advisories/35102 http://secunia.com/advisories/35206 http://secunia.com/advisories/35239 http://secunia.com/advisories/35321 http://secunia.com/advisories/35416 http://secunia.com/advisories/35497 http://secunia.com/advisories/35746 http://secunia.com/advisories/39428 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.ubuntu.com/usn/usn-790-1 http://www.vupen.com/english/advisories/2009/1313 http://www.vupen.com/english/advisories/2009/2012 XForce ISS Database: solaris-sasl-saslencode64-bo(50554) https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.