Test ID: 1.3.6.1.4.1.25623.1.0.870663
Category: Red Hat Local Security Checks
Title: RedHat Update for policycoreutils RHSA-2011:0414-01
Summary: The remote host is missing an update for the 'policycoreutils' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'policycoreutils'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The policycoreutils packages contain the core utilities that are
required for the basic operation of a Security-Enhanced Linux (SELinux)
system and its policies.

It was discovered that the seunshare utility did not enforce proper file
permissions on the directory used as an alternate temporary directory
mounted as /tmp/. A local user could use this flaw to overwrite files or,
possibly, execute arbitrary code with the privileges of a setuid or
setgid application that relies on proper /tmp/ permissions, by running that
application via seunshare. (CVE-2011-1011)

Red Hat would like to thank Tavis Ormandy for reporting this issue.

This update also introduces the following changes:

* The seunshare utility was moved from the main policycoreutils subpackage
to the policycoreutils-sandbox subpackage. This utility is only required
by the sandbox feature and does not need to be installed by default.

* Updated selinux-policy packages that add the SELinux policy changes
required by the seunshare fixes.

All policycoreutils users should upgrade to these updated packages, which
correct this issue.

Affected Software/OS:
policycoreutils on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1011
1025291
http://www.securitytracker.com/id?1025291
20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html
43415
http://secunia.com/advisories/43415
43844
http://secunia.com/advisories/43844
44034
http://secunia.com/advisories/44034
46510
http://www.securityfocus.com/bid/46510
ADV-2011-0701
http://www.vupen.com/english/advisories/2011/0701
ADV-2011-0864
http://www.vupen.com/english/advisories/2011/0864
FEDORA-2011-3043
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html
RHSA-2011:0414
http://www.redhat.com/support/errata/RHSA-2011-0414.html
[oss-security] 20110222 CVE Request
http://openwall.com/lists/oss-security/2011/02/23/1
[oss-security] 20110223 Re: CVE Request
http://openwall.com/lists/oss-security/2011/02/23/2
http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197
https://bugzilla.redhat.com/show_bug.cgi?id=633544
policycoreutils-seunshare-symlink(65641)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65641
Copyright: Copyright (C) 2012 Greenbone AG
