ID de Prueba:	1.3.6.1.4.1.25623.1.0.67673
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:129 (heimdal)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to heimdal announced via advisory MDVSA-2010:129. Multiple vulnerabilities has been found and corrected in heimdal: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion (CVE-2006-3083). The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues (CVE-2006-3084). Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library (CVE-2010-1321). The updated packages have been patched to correct these issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:129 http://www.h5l.org/advisories.html?show=2006-08-08 http://www.h5l.org/advisories.html?show=2010-05-27 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3083 BugTraq ID: 19427 http://www.securityfocus.com/bid/19427 Bugtraq: 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/442599/100/0/threaded Bugtraq: 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/443498/100/100/threaded CERT/CC vulnerability note: VU#580124 http://www.kb.cert.org/vuls/id/580124 Debian Security Information: DSA-1146 (Google Search) http://www.debian.org/security/2006/dsa-1146 http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml http://security.gentoo.org/glsa/glsa-200608-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 http://www.osvdb.org/27869 http://www.osvdb.org/27870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515 http://www.redhat.com/support/errata/RHSA-2006-0612.html http://securitytracker.com/id?1016664 http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http://secunia.com/advisories/22291 SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html SuSE Security Announcement: SUSE-SR:2006:022 (Google Search) http://www.novell.com/linux/security/advisories/2006_22_sr.html http://www.ubuntu.com/usn/usn-334-1 http://www.vupen.com/english/advisories/2006/3225 Common Vulnerability Exposure (CVE) ID: CVE-2006-3084 CERT/CC vulnerability note: VU#401660 http://www.kb.cert.org/vuls/id/401660 http://fedoranews.org/cms/node/2376 http://www.osvdb.org/27871 http://www.osvdb.org/27872 http://secunia.com/advisories/23707 Common Vulnerability Exposure (CVE) ID: CVE-2010-1321 BugTraq ID: 40235 http://www.securityfocus.com/bid/40235 Bugtraq: 20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref (Google Search) http://www.securityfocus.com/archive/1/511331/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded Cert/CC Advisory: TA10-287A http://www.us-cert.gov/cas/techalerts/TA10-287A.html Cert/CC Advisory: TA11-201A http://www.us-cert.gov/cas/techalerts/TA11-201A.html Debian Security Information: DSA-2052 (Google Search) http://www.debian.org/security/2010/dsa-2052 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBUX02544 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 HPdes Security Advisory: SSRT100107 http://www.mandriva.com/security/advisories?name=MDVSA-2010:100 http://osvdb.org/64744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450 http://www.redhat.com/support/errata/RHSA-2010-0423.html http://www.redhat.com/support/errata/RHSA-2010-0770.html http://www.redhat.com/support/errata/RHSA-2010-0807.html http://www.redhat.com/support/errata/RHSA-2010-0873.html http://www.redhat.com/support/errata/RHSA-2010-0935.html http://www.redhat.com/support/errata/RHSA-2010-0987.html http://www.redhat.com/support/errata/RHSA-2011-0152.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://secunia.com/advisories/39762 http://secunia.com/advisories/39784 http://secunia.com/advisories/39799 http://secunia.com/advisories/39818 http://secunia.com/advisories/39849 http://secunia.com/advisories/40346 http://secunia.com/advisories/40685 http://secunia.com/advisories/41967 http://secunia.com/advisories/42432 http://secunia.com/advisories/42974 http://secunia.com/advisories/43335 http://secunia.com/advisories/44954 SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html http://www.ubuntu.com/usn/USN-940-1 http://www.ubuntu.com/usn/USN-940-2 http://www.vupen.com/english/advisories/2010/1177 http://www.vupen.com/english/advisories/2010/1192 http://www.vupen.com/english/advisories/2010/1193 http://www.vupen.com/english/advisories/2010/1196 http://www.vupen.com/english/advisories/2010/1222 http://www.vupen.com/english/advisories/2010/1574 http://www.vupen.com/english/advisories/2010/1882 http://www.vupen.com/english/advisories/2010/3112 http://www.vupen.com/english/advisories/2011/0134
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.