 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.58704 |
| Category: | Gentoo Local Security Checks |
| Title: | Gentoo Security Advisory GLSA 200710-25 (mldonkey) |
| Summary: | The remote host is missing updates announced in;advisory GLSA 200710-25. |
| Description: | Summary: The remote host is missing updates announced in advisory GLSA 200710-25. Vulnerability Insight: The Gentoo MLDonkey ebuild adds a user to the system with a valid login shell and no password. Solution: Change the p2p user's shell to disallow login. For example, as root run the following command: # usermod -s /bin/false p2p NOTE: updating to the current MLDonkey ebuild will not remove this vulnerability, it must be fixed manually. The updated ebuild is to prevent this problem from occurring in the future. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5714 http://security.gentoo.org/glsa/glsa-200710-25.xml http://secunia.com/advisories/27366 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |