Test ID:	1.3.6.1.4.1.25623.1.0.51500
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:463
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2002:463. UUCP is a Unix to Unix transfer mechanism. It is used primarily for remote sites to download and upload email and news files to local machines. zen-parse found[1] a vulnerability in the command-line argument handling of uucp which could be exploited by a local user to obtain uucp uid/gid. This vulnerability was supposed to be fixed in the CLSA-2001:425 announcement[2], but zen-parse found[3] the used patch was not totally effective. Security precautions were not being enforced for all command line options variants, such as --confi for --config or -c which are synonymous due to the way getopt() works. The upstream uucp author, Ian Lance Taylor, provided a patch to solve this vulnerability. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityfocus.com/archive/1/212892 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425&idioma=en http://www.securityfocus.com/archive/1/251168 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:463 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.