Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0380)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0380

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0380)

Resumen: The remote host is missing an update for the 'zarafa' package(s) announced via the MGASA-2014-0380 advisory.

Descripción: Summary:
The remote host is missing an update for the 'zarafa' package(s) announced via the MGASA-2014-0380 advisory.

Vulnerability Insight:
Updated zarafa packages fix security vulnerabilities:

Robert Scheck reported that Zarafa's WebAccess stored session information,
including login credentials, on-disk in PHP session files. This session file
would contain a user's username and password to the Zarafa IMAP server
(CVE-2014-0103).

Robert Scheck discovered that the Zarafa Collaboration Platform has multiple
incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449,
CVE-2014-5450).

Affected Software/OS:
'zarafa' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0103
68247
http://www.securityfocus.com/bid/68247
FEDORA-2014-7889
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html
FEDORA-2014-7896
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html
MDVSA-2014:182
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://advisories.mageia.org/MGASA-2014-0380.html
https://bugzilla.redhat.com/show_bug.cgi?id=1073618
Common Vulnerability Exposure (CVE) ID: CVE-2014-5447
BugTraq ID: 69362
http://www.securityfocus.com/bid/69362
http://seclists.org/oss-sec/2014/q3/444
http://seclists.org/oss-sec/2014/q3/445
Common Vulnerability Exposure (CVE) ID: CVE-2014-5448
BugTraq ID: 69365
http://www.securityfocus.com/bid/69365
XForce ISS Database: zarafa-logzarafa-info-disc(95452)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95452
Common Vulnerability Exposure (CVE) ID: CVE-2014-5449
BugTraq ID: 69369
http://www.securityfocus.com/bid/69369
XForce ISS Database: webaccess-webapp-information-disc(95453)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95453
Common Vulnerability Exposure (CVE) ID: CVE-2014-5450
BugTraq ID: 69370
http://www.securityfocus.com/bid/69370
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html
http://www.openwall.com/lists/oss-security/2014/08/25/1
XForce ISS Database: zarafa-license-info-disc(95454)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95454

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0380
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0380)
Resumen:	The remote host is missing an update for the 'zarafa' package(s) announced via the MGASA-2014-0380 advisory.
Descripción:	Summary: The remote host is missing an update for the 'zarafa' package(s) announced via the MGASA-2014-0380 advisory. Vulnerability Insight: Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server (CVE-2014-0103). Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450). Affected Software/OS: 'zarafa' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0103 68247 http://www.securityfocus.com/bid/68247 FEDORA-2014-7889 http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html FEDORA-2014-7896 http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html MDVSA-2014:182 http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://advisories.mageia.org/MGASA-2014-0380.html https://bugzilla.redhat.com/show_bug.cgi?id=1073618 Common Vulnerability Exposure (CVE) ID: CVE-2014-5447 BugTraq ID: 69362 http://www.securityfocus.com/bid/69362 http://seclists.org/oss-sec/2014/q3/444 http://seclists.org/oss-sec/2014/q3/445 Common Vulnerability Exposure (CVE) ID: CVE-2014-5448 BugTraq ID: 69365 http://www.securityfocus.com/bid/69365 XForce ISS Database: zarafa-logzarafa-info-disc(95452) https://exchange.xforce.ibmcloud.com/vulnerabilities/95452 Common Vulnerability Exposure (CVE) ID: CVE-2014-5449 BugTraq ID: 69369 http://www.securityfocus.com/bid/69369 XForce ISS Database: webaccess-webapp-information-disc(95453) https://exchange.xforce.ibmcloud.com/vulnerabilities/95453 Common Vulnerability Exposure (CVE) ID: CVE-2014-5450 BugTraq ID: 69370 http://www.securityfocus.com/bid/69370 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html http://www.openwall.com/lists/oss-security/2014/08/25/1 XForce ISS Database: zarafa-license-info-disc(95454) https://exchange.xforce.ibmcloud.com/vulnerabilities/95454
Copyright	Copyright (C) 2022 Greenbone AG