ID de Prueba:	1.3.6.1.4.1.25623.1.0.64996
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:253 (backuppc)
Resumen:	The remote host is missing an update to backuppc;announced via advisory MDVSA-2009:253.
Descripción:	Summary: The remote host is missing an update to backuppc announced via advisory MDVSA-2009:253. Vulnerability Insight: A vulnerability was discovered and corrected in backuppc: CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore (CVE-2009-3369). This update provides a fix for this vulnerability. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3369 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00729.html https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00694.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218 http://osvdb.org/57236 http://secunia.com/advisories/36393 http://secunia.com/advisories/37161
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.