FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66354

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc

Vulnerability Insight:
The run-time link-editor, rtld, links dynamic executable with their
needed libraries at run-time. It also allows users to explicitly
load libraries via various LD_ environmental variables.

When running setuid programs rtld will normally remove potentially
dangerous environment variables. Due to recent changes in FreeBSD
environment variable handling code, a corrupt environment may
result in attempts to unset environment variables failing.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4146
BugTraq ID: 37154
http://www.securityfocus.com/bid/37154
Bugtraq: 20091130 ** FreeBSD local r00t zeroday (Google Search)
http://www.securityfocus.com/archive/1/508142/100/0/threaded
Bugtraq: 20091201 Re: ** FreeBSD local r00t zeroday (Google Search)
http://www.securityfocus.com/archive/1/508168/100/0/threaded
Bugtraq: 20091201 Upcoming FreeBSD Security Advisory (Google Search)
http://www.securityfocus.com/archive/1/508146/100/0/threaded
http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html
http://www.securitytracker.com/id?1023250
http://secunia.com/advisories/37517

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66354
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc Vulnerability Insight: The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables. When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4146 BugTraq ID: 37154 http://www.securityfocus.com/bid/37154 Bugtraq: 20091130 FreeBSD local r00t zeroday (Google Search) http://www.securityfocus.com/archive/1/508142/100/0/threaded Bugtraq: 20091201 Re: FreeBSD local r00t zeroday (Google Search) http://www.securityfocus.com/archive/1/508168/100/0/threaded Bugtraq: 20091201 Upcoming FreeBSD Security Advisory (Google Search) http://www.securityfocus.com/archive/1/508146/100/0/threaded http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html http://www.securitytracker.com/id?1023250 http://secunia.com/advisories/37517
Copyright	Copyright (C) 2009 E-Soft Inc.