
Test ID: 1.3.6.1.4.1.25623.1.0.57836
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2007-0005 (Multiple packages)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2007-0005.

bind < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Some vulnerabilities have been reported in ISC BIND,
which can be exploited by malicious people to cause a DoS. An
unspecified error may cause the named daemon to dereference a
freed fetch context.
- Another vulnerability in ISC BIND allows remote attackers to cause
a denial of service (exit) via a type * (ANY) DNS query response
that contains multiple RRsets, which triggers an assertion error,
aka the DNSSEC Validation vulnerability.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2007-0493 and CVE-2007-0494 to these issues.

ed < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY FIX: A vulnerability has been identified in the
open_sbuf() [buf.c] function that handles temporary files in an
insecure manner, which could allow malicious users to conduct
symlink attacks and create or overwrite arbitrary files with the
privileges of the user invoking the vulnerable application.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-6939 to this issue.

elinks < TSL 3.0 >
- New upstream.
- SECURITY Fix: Teemu Salmela has discovered a vulnerability caused by
an error in the validation of smb:// URLs when Links runs smbclient
commands. This can be exploited to download and overwrite local files
or upload local files to an SMB share by injecting smbclient commands
in the smb:// URL.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-5925 to this issue.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2007-0005

Risk factor : High

CVSS Score: 7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0493
1017561
http://securitytracker.com/id?1017561
2007-0005
http://www.trustix.org/errata/2007/0005
20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html
http://www.securityfocus.com/archive/1/458066/100/0/threaded
22229
http://www.securityfocus.com/bid/22229
23904
http://secunia.com/advisories/23904
23924
http://secunia.com/advisories/23924
23943
http://secunia.com/advisories/23943
23972
http://secunia.com/advisories/23972
23974
http://secunia.com/advisories/23974
23977
http://secunia.com/advisories/23977
24014
http://secunia.com/advisories/24014
24048
http://secunia.com/advisories/24048
24054
http://secunia.com/advisories/24054
24129
http://secunia.com/advisories/24129
24203
http://secunia.com/advisories/24203
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25402
http://secunia.com/advisories/25402
25649
http://secunia.com/advisories/25649
ADV-2007-0349
http://www.vupen.com/english/advisories/2007/0349
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-1939
http://www.vupen.com/english/advisories/2007/1939
ADV-2007-2163
http://www.vupen.com/english/advisories/2007/2163
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
APPLE-SA-2007-05-24
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
FEDORA-2007-147
http://fedoranews.org/cms/node/2507
FEDORA-2007-164
http://fedoranews.org/cms/node/2537
FreeBSD-SA-07:02
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
GLSA-200702-06
http://security.gentoo.org/glsa/glsa-200702-06.xml
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
MDKSA-2007:030
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
NetBSD-SA2007-003
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
OpenPKG-SA-2007.007
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
RHSA-2007:0057
http://www.redhat.com/support/errata/RHSA-2007-0057.html
SSA:2007-026-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
SSRT061213
SSRT061239
SSRT061273
SSRT071304
SUSE-SA:2007:014
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
USN-418-1
http://www.ubuntu.com/usn/usn-418-1
[bind-announce] 20070125 Internet Systems Consortium Security Advisory.
http://marc.info/?l=bind-announce&m=116968519321296&w=2
http://docs.info.apple.com/article.html?artnum=305530
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-989
oval:org.mitre.oval:def:9614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9614
Common Vulnerability Exposure (CVE) ID: CVE-2007-0494
AIX APAR: IY95618
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
AIX APAR: IY95619
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
AIX APAR: IY96144
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
AIX APAR: IY96324
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
BugTraq ID: 22231
http://www.securityfocus.com/bid/22231
Debian Security Information: DSA-1254 (Google Search)
http://www.debian.org/security/2007/dsa-1254
FreeBSD Security Advisory: FreeBSD-SA-07:02
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
HPdes Security Advisory: HPSBTU02207
HPdes Security Advisory: HPSBUX02219
HPdes Security Advisory: SSRT061213
HPdes Security Advisory: SSRT061239
HPdes Security Advisory: SSRT061273
HPdes Security Advisory: SSRT071304
http://marc.info/?l=bind-announce&m=116968519300764&w=2
NETBSD Security Advisory: NetBSD-SA2007-003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523
http://www.redhat.com/support/errata/RHSA-2007-0044.html
http://securitytracker.com/id?1017573
http://secunia.com/advisories/23944
http://secunia.com/advisories/24083
http://secunia.com/advisories/24284
http://secunia.com/advisories/24648
http://secunia.com/advisories/25482
http://secunia.com/advisories/25715
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
SGI Security Advisory: 20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
SuSE Security Announcement: SUSE-SA:2007:014 (Google Search)
http://www.vupen.com/english/advisories/2007/2002
http://www.vupen.com/english/advisories/2007/2245
http://www.vupen.com/english/advisories/2007/3229
XForce ISS Database: bind-rrsets-dos(31838)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31838
Common Vulnerability Exposure (CVE) ID: CVE-2006-6939
BugTraq ID: 22129
http://www.securityfocus.com/bid/22129
http://fedoranews.org/cms/node/2449
http://fedoranews.org/cms/node/2450
http://www.mandriva.com/security/advisories?name=MDKSA-2007:023
http://secunia.com/advisories/23832
http://secunia.com/advisories/23848
http://secunia.com/advisories/23857
http://www.vupen.com/english/advisories/2006/4573
XForce ISS Database: gnued-opensbuf-symlink(30374)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30374
Common Vulnerability Exposure (CVE) ID: CVE-2006-5925
1017232
http://securitytracker.com/id?1017232
1017233
http://securitytracker.com/id?1017233
20061115 Links smbclient command execution
http://marc.info/?l=full-disclosure&m=116355556512780&w=2
http://www.securityfocus.com/archive/1/451870/100/200/threaded
21082
http://www.securityfocus.com/bid/21082
22905
http://secunia.com/advisories/22905
22920
http://secunia.com/advisories/22920
22923
http://secunia.com/advisories/22923
23022
http://secunia.com/advisories/23022
23132
http://secunia.com/advisories/23132
23188
http://secunia.com/advisories/23188
23234
http://secunia.com/advisories/23234
23389
http://secunia.com/advisories/23389
23467
http://secunia.com/advisories/23467
24005
http://secunia.com/advisories/24005
DSA-1226
https://www.debian.org/security/2006/dsa-1226
DSA-1228
http://www.debian.org/security/2006/dsa-1228
DSA-1240
http://www.debian.org/security/2006/dsa-1240
GLSA-200612-16
http://security.gentoo.org/glsa/glsa-200612-16.xml
GLSA-200701-27
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
MDKSA-2006:216
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
RHSA-2006:0742
http://www.redhat.com/support/errata/RHSA-2006-0742.html
SUSE-SR:2006:027
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://bugzilla.elinks.cz/show_bug.cgi?id=841
links-smbclient-command-execution(30299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
oval:org.mitre.oval:def:11213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
