ID de Prueba:	1.3.6.1.4.1.25623.1.0.66685
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:345 (acl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to acl announced via advisory MDVSA-2009:345. A vulnerability was discovered and corrected in acl: The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack (CVE-2009-4411). This update provides a fix for this vulnerability. Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:345 Risk factor : Medium CVSS Score: 3.7
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4411 BugTraq ID: 37455 http://www.securityfocus.com/bid/37455 http://www.mandriva.com/security/advisories?name=MDVSA-2009:345 http://www.openwall.com/lists/oss-security/2009/12/23/2 http://osvdb.org/61302 http://secunia.com/advisories/37907 http://secunia.com/advisories/38420 SuSE Security Announcement: SUSE-SR:2010:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html XForce ISS Database: acl-setfacl-getfacl-symlink(55004) https://exchange.xforce.ibmcloud.com/vulnerabilities/55004
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.