 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.57034 |
| Category: | Slackware Local Security Checks |
| Title: | Slackware: Security Advisory (SSA:2006-178-03) |
| Summary: | The remote host is missing an update for the 'arts' package(s) announced via the SSA:2006-178-03 advisory. |
| Description: | Summary: The remote host is missing an update for the 'arts' package(s) announced via the SSA:2006-178-03 advisory. Vulnerability Insight: New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it's at least worth warning about. It's far safer to just add users to the audio group. The official KDE security advisory may be found here: [link moved to references] More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/arts-1.4.2-i486-2_slack10.2.tgz: Patched to fix a possible exploit if artswrapper is setuid root (which, by default, it is not) and the system is running a 2.6 kernel. Systems running 2.4 kernels are not affected. The official KDE security advisory may be found here: [link moved to references] The CVE entry for this issue may be found here: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'arts' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-2916 BugTraq ID: 18429 http://www.securityfocus.com/bid/18429 BugTraq ID: 23697 http://www.securityfocus.com/bid/23697 Bugtraq: 20060615 rPSA-2006-0105-1 arts (Google Search) http://www.securityfocus.com/archive/1/437362/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml http://security.gentoo.org/glsa/glsa-200704-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:107 http://mail.gnome.org/archives/beast/2006-December/msg00025.html http://www.osvdb.org/26506 http://securitytracker.com/id?1016298 http://secunia.com/advisories/20677 http://secunia.com/advisories/20786 http://secunia.com/advisories/20827 http://secunia.com/advisories/20868 http://secunia.com/advisories/20899 http://secunia.com/advisories/25032 http://secunia.com/advisories/25059 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256 SuSE Security Announcement: SUSE-SR:2006:015 (Google Search) http://www.novell.com/linux/security/advisories/2006_38_security.html http://www.vupen.com/english/advisories/2006/2357 http://www.vupen.com/english/advisories/2007/0409 XForce ISS Database: arts-artwrapper-privilege-escalation(27221) https://exchange.xforce.ibmcloud.com/vulnerabilities/27221 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |