Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:054 (pam

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66976

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:054 (pam_krb5)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to pam_krb5
announced via advisory MDVSA-2010:054.

Pam_krb5 2.2.14 through 2.3.4 generates different password prompts
depending on whether the user account exists, which allows remote
attackers to enumerate valid usernames (CVE-2009-1384).

This update provides the version 2.3.5 of pam_krb5, which is not
vulnerable to this issue.

Affected: 2009.0, 2009.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:054

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1384
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
35112
http://www.securityfocus.com/bid/35112
35230
http://secunia.com/advisories/35230
43314
http://secunia.com/advisories/43314
54791
http://osvdb.org/54791
ADV-2009-1448
http://www.vupen.com/english/advisories/2009/1448
MDVSA-2010:054
http://www.mandriva.com/security/advisories?name=MDVSA-2010:054
[oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384)
http://www.openwall.com/lists/oss-security/2009/05/27/1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=502602
oval:org.mitre.oval:def:7081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081
oval:org.mitre.oval:def:9652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66976
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:054 (pam_krb5)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pam_krb5 announced via advisory MDVSA-2010:054. Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384). This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue. Affected: 2009.0, 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:054 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1384 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 35112 http://www.securityfocus.com/bid/35112 35230 http://secunia.com/advisories/35230 43314 http://secunia.com/advisories/43314 54791 http://osvdb.org/54791 ADV-2009-1448 http://www.vupen.com/english/advisories/2009/1448 MDVSA-2010:054 http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 [oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384) http://www.openwall.com/lists/oss-security/2009/05/27/1 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=502602 oval:org.mitre.oval:def:7081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081 oval:org.mitre.oval:def:9652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com