ID de Prueba:	1.3.6.1.4.1.25623.1.0.880826
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
Resumen:	The remote host is missing an update for the 'cyrus-imapd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'cyrus-imapd' package(s) announced via the referenced advisory. Vulnerability Insight: The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function's output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. (CVE-2009-0688) Users of cyrus-imapd are advised to upgrade to these updated packages, which resolve this issue. After installing the update, cyrus-imapd will be restarted automatically. Affected Software/OS: cyrus-imapd on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0688 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 34961 http://www.securityfocus.com/bid/34961 Cert/CC Advisory: TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html CERT/CC vulnerability note: VU#238019 http://www.kb.cert.org/vuls/id/238019 Debian Security Information: DSA-1807 (Google Search) http://www.debian.org/security/2009/dsa-1807 http://security.gentoo.org/glsa/glsa-200907-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:113 http://osvdb.org/54514 http://osvdb.org/54515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136 http://www.redhat.com/support/errata/RHSA-2009-1116.html http://www.securitytracker.com/id?1022231 http://secunia.com/advisories/35094 http://secunia.com/advisories/35097 http://secunia.com/advisories/35102 http://secunia.com/advisories/35206 http://secunia.com/advisories/35239 http://secunia.com/advisories/35321 http://secunia.com/advisories/35416 http://secunia.com/advisories/35497 http://secunia.com/advisories/35746 http://secunia.com/advisories/39428 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.ubuntu.com/usn/usn-790-1 http://www.vupen.com/english/advisories/2009/1313 http://www.vupen.com/english/advisories/2009/2012 XForce ISS Database: solaris-sasl-saslencode64-bo(50554) https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.