 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51566 |
| Category: | Conectiva Local Security Checks |
| Title: | Conectiva Security Advisory CLA-2001:402 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory CLA-2001:402. exim is a popular mail server (MTA) that is included in many GNU/Linux distributions. Megyer Laszlo reported a format bug vulnerability in the exim package that could lead to a compromise if exim is run as root. This software is not installed by default on Conectiva Linux 6.0 and, even if installed, the default configuration is not vulnerable because it does not include the headers_check_syntax option in the /etc/exim.conf configuration file which is needed to trigger the bug. If, however, that option is enabled, and exim is also used to process batched SMTP input (via the -bS command-line option), then the service becomes vulnerable and a remote attack becomes possible. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:402 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000402 Risk factor : High |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |