| Description: | Description:
The remote host is missing updates announced in
advisory TSLSA-2004-0061.
apache:
An issue was discovered where the field length limit was not enforced
for certain malicious requests. This could lead to a remote denial of
service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0942 to this issue.
kernel:
Fixes a number of errors in binfmt_elf and smbfs.
sudo:
Liam Helmer discovered an input validation flaw in sudo. When the
standard shell bash starts up, it searches the environment for
variables with a value beginning with (). For each of these
variables a function with the same name is created, with the function
body filled in from the environment variable's value.
A malicious user with sudo access to a shell script that uses bash can
use this feature to substitute arbitrary commands for any
non-fully-qualified programs called from the script. Therefore this
flaw can lead to privilege escalation.
Martin Schulze informed us that our previous sudo update did not fix
this problem. This update does.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0061
Risk factor : Medium
CVSS Score:
5.0
|
