Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52966
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2003-59 (kdebase)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to kdebase
announced via advisory TLSA-2003-59.

Privilege escalation with specific PAM modules.
Session cookies generated by KDM are potentially insecure.

The local users may be able to gain root privileges.
The weak cookie generation may allow non-authorized users to guess the session cookie by
a brute force attack.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-59

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0690
Bugtraq: 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=106374551513499&w=2
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Debian Security Information: DSA-388 (Google Search)
http://www.debian.org/security/2003/dsa-388
Debian Security Information: DSA-443 (Google Search)
http://www.debian.org/security/2004/dsa-443
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193
http://www.redhat.com/support/errata/RHSA-2003-270.html
http://www.redhat.com/support/errata/RHSA-2003-286.html
http://www.redhat.com/support/errata/RHSA-2003-287.html
http://www.redhat.com/support/errata/RHSA-2003-288.html
http://www.redhat.com/support/errata/RHSA-2003-289.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.