ID de Prueba:	1.3.6.1.4.1.25623.1.0.70740
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: FreeBSD
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: FreeBSD CVE-2011-4122 Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4122 http://c-skills.blogspot.com/2011/11/openpam-trickery.html http://stealth.openwall.net/xSports/pamslam http://openwall.com/lists/oss-security/2011/12/07/3 http://openwall.com/lists/oss-security/2011/12/08/9 http://osvdb.org/76945 http://secunia.com/advisories/46756 http://secunia.com/advisories/46804 XForce ISS Database: openpam-Pamstart-privilege-escalation(71205) https://exchange.xforce.ibmcloud.com/vulnerabilities/71205
Copyright	Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.