
Test ID: 1.3.6.1.4.1.25623.1.0.63563
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-732-1 (dash)
Summary: Ubuntu USN-732-1 (dash)
Description: The remote host is missing an update to dash
announced via advisory USN-732-1.

Details follow:

Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would
source .profile files from the current directory. Local users may be able to
bypass security restrictions and gain root privileges by placing specially
crafted .profile files where they might get sourced by other dash users.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
dash 0.5.4-8ubuntu1.1

Ubuntu 8.10:
dash 0.5.4-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-732-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0854
http://www.ubuntu.com/usn/USN-732-1
BugTraq ID: 34092
http://www.securityfocus.com/bid/34092
http://secunia.com/advisories/34205
XForce ISS Database: dash-profile-code-execution(49216)
http://xforce.iss.net/xforce/xfdb/49216
Common Vulnerability Exposure (CVE) ID: CVE-2009-0675
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://lists.openwall.net/netdev/2009/01/28/90
http://openwall.com/lists/oss-security/2009/02/20/2
Debian Security Information: DSA-1749 (Google Search)
http://www.debian.org/security/2009/dsa-1749
Debian Security Information: DSA-1787 (Google Search)
http://www.debian.org/security/2009/dsa-1787
Debian Security Information: DSA-1794 (Google Search)
http://www.debian.org/security/2009/dsa-1794
http://www.mandriva.com/security/advisories?name=MDVSA-2009:071
http://www.redhat.com/support/errata/RHSA-2009-0360.html
http://www.redhat.com/support/errata/RHSA-2009-0326.html
SuSE Security Announcement: SUSE-SA:2009:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://www.ubuntu.com/usn/usn-751-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11529
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8685
http://secunia.com/advisories/33938
http://secunia.com/advisories/34394
http://secunia.com/advisories/33758
http://secunia.com/advisories/34502
http://secunia.com/advisories/34680
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35394
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
Common Vulnerability Exposure (CVE) ID: CVE-2009-0676
http://lkml.org/lkml/2009/2/12/123
http://openwall.com/lists/oss-security/2009/02/20/1
http://marc.info/?l=linux-kernel&m=123540732700371&w=2
http://www.openwall.com/lists/oss-security/2009/02/24/1
http://www.openwall.com/lists/oss-security/2009/03/02/6
RedHat Security Advisories: RHSA-2009:0459
http://rhn.redhat.com/errata/RHSA-2009-0459.html
SuSE Security Announcement: SUSE-SA:2009:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
SuSE Security Announcement: SUSE-SA:2009:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
BugTraq ID: 33846
http://www.securityfocus.com/bid/33846
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11653
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8618
http://secunia.com/advisories/34786
http://secunia.com/advisories/34962
http://secunia.com/advisories/35390
XForce ISS Database: kernel-sock-information-disclosure(48847)
http://xforce.iss.net/xforce/xfdb/48847
Common Vulnerability Exposure (CVE) ID: CVE-2009-0759
http://www.openwall.com/lists/oss-security/2009/03/01/2
Debian Security Information: DSA-1735 (Google Search)
http://www.debian.org/security/2009/dsa-1735
http://osvdb.org/52295
http://secunia.com/advisories/34230
Common Vulnerability Exposure (CVE) ID: CVE-2009-0660
Debian Security Information: DSA-1736 (Google Search)
http://www.debian.org/security/2009/dsa-1736
BugTraq ID: 34064
http://www.securityfocus.com/bid/34064
http://secunia.com/advisories/34222
http://secunia.com/advisories/34231
http://www.vupen.com/english/advisories/2009/0665
XForce ISS Database: mahara-userprofile-xss(49168)
http://xforce.iss.net/xforce/xfdb/49168
Common Vulnerability Exposure (CVE) ID: CVE-2008-2086
Bugtraq: 20081204 CVE-2008-2086: Java Web Start File Inclusion via System PropertiesOverride (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498907/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt
http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html
http://security.gentoo.org/glsa/glsa-200911-02.xml
HPdes Security Advisory: HPSBUX02411
http://marc.info/?l=bugtraq&m=123678756409861&w=2
HPdes Security Advisory: SSRT080111
RedHat Security Advisories: RHSA-2008:1018
RedHat Security Advisories: RHSA-2008:1025
http://rhn.redhat.com/errata/RHSA-2008-1025.html
http://www.redhat.com/support/errata/RHSA-2009-0015.html
http://www.redhat.com/support/errata/RHSA-2009-0016.html
http://www.redhat.com/support/errata/RHSA-2009-0445.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1
SuSE Security Announcement: SUSE-SA:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html
SuSE Security Announcement: SUSE-SA:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Cert/CC Advisory: TA08-340A
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
BugTraq ID: 32620
http://www.securityfocus.com/bid/32620
http://osvdb.org/50510
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5601
http://www.securitytracker.com/id?1021318
http://secunia.com/advisories/32991
http://secunia.com/advisories/33015
http://secunia.com/advisories/33710
http://secunia.com/advisories/33528
http://secunia.com/advisories/34233
http://secunia.com/advisories/34605
http://secunia.com/advisories/34889
http://secunia.com/advisories/35065
http://secunia.com/advisories/37386
http://secunia.com/advisories/38539
http://securityreason.com/securityalert/4693
http://www.vupen.com/english/advisories/2009/0424
http://www.vupen.com/english/advisories/2009/0672
Common Vulnerability Exposure (CVE) ID: CVE-2008-5339
http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6409
http://www.vupen.com/english/advisories/2008/3339
Common Vulnerability Exposure (CVE) ID: CVE-2008-5340
http://www.redhat.com/support/errata/RHSA-2009-0369.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6627
http://secunia.com/advisories/34447
Common Vulnerability Exposure (CVE) ID: CVE-2008-5341
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6529
Common Vulnerability Exposure (CVE) ID: CVE-2008-5342
http://osvdb.org/50514
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6359
Common Vulnerability Exposure (CVE) ID: CVE-2008-5343
http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/
BugTraq ID: 32892
http://www.securityfocus.com/bid/32892
http://osvdb.org/50512
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5924
Common Vulnerability Exposure (CVE) ID: CVE-2008-5344
http://osvdb.org/50513
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6249
XForce ISS Database: jre-appletclass-security-bypass(47057)
http://xforce.iss.net/xforce/xfdb/47057
Common Vulnerability Exposure (CVE) ID: CVE-2008-5345
RedHat Security Advisories: RHSA-2009:0466
https://rhn.redhat.com/errata/RHSA-2009-0466.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246387-1
http://osvdb.org/50508
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6059
http://secunia.com/advisories/34972
http://www.securitytracker.com/id?1021305
Common Vulnerability Exposure (CVE) ID: CVE-2008-5347
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246366-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019798.1-1
SuSE Security Announcement: SUSE-SR:2009:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
BugTraq ID: 32608
http://www.securityfocus.com/bid/32608
http://osvdb.org/50506
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5633
http://secunia.com/advisories/34259
http://www.securitytracker.com/id?1021307
http://secunia.com/advisories/33709
XForce ISS Database: jre-jaxws-jaxb-privilege-escalation(47068)
http://xforce.iss.net/xforce/xfdb/47068
Common Vulnerability Exposure (CVE) ID: CVE-2008-5348
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019797.1-1
http://osvdb.org/50505
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6549
Common Vulnerability Exposure (CVE) ID: CVE-2008-5350
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246266-1
http://osvdb.org/50503
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6424
http://www.securitytracker.com/id?1021310
Common Vulnerability Exposure (CVE) ID: CVE-2008-5351
http://sunsolve.sun.com/search/document.do?assetkey=1-26-245246-1
http://osvdb.org/50502
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6212
http://www.securitytracker.com/id?1021311
Common Vulnerability Exposure (CVE) ID: CVE-2008-5353
Bugtraq: 20090524 Hardening OSX against CVE-2008-5353 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/503797/100/0/threaded
http://blog.cr0.org/2009/05/write-once-own-everyone.html
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1
http://osvdb.org/50500
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6511
http://www.securitytracker.com/id?1021313
http://secunia.com/advisories/35118
http://www.vupen.com/english/advisories/2009/1391
Common Vulnerability Exposure (CVE) ID: CVE-2008-5354
http://www.ximido.de/research/advisories/SM_Java-BO_200811.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244990-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6537
XForce ISS Database: jre-commandline-privilege-escalation(47060)
http://xforce.iss.net/xforce/xfdb/47060
Common Vulnerability Exposure (CVE) ID: CVE-2008-5356
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=757
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
http://osvdb.org/50516
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6494
http://secunia.com/advisories/33187
XForce ISS Database: jre-truetype-font-bo(47103)
http://xforce.iss.net/xforce/xfdb/47103
Common Vulnerability Exposure (CVE) ID: CVE-2008-5357
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760
http://osvdb.org/50517
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6505
XForce ISS Database: jre-font-privilege-escalation(47050)
http://xforce.iss.net/xforce/xfdb/47050
Common Vulnerability Exposure (CVE) ID: CVE-2008-5358
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758
http://osvdb.org/50515
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6319
XForce ISS Database: jre-gif-images-privilege-escalation(47049)
http://xforce.iss.net/xforce/xfdb/47049
Common Vulnerability Exposure (CVE) ID: CVE-2008-5359
http://www.zerodayinitiative.com/advisories/ZDI-08-080/
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5841
XForce ISS Database: jre-image-processing-privilege-escalation(47048)
http://xforce.iss.net/xforce/xfdb/47048
Common Vulnerability Exposure (CVE) ID: CVE-2008-5360
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6596
http://www.securitytracker.com/id?1021316
XForce ISS Database: jre-guessable-file-unauth-access(47045)
http://xforce.iss.net/xforce/xfdb/47045
Common Vulnerability Exposure (CVE) ID: CVE-2009-0712
HPdes Security Advisory: HPSBMA02412
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638
HPdes Security Advisory: SSRT080040
HPdes Security Advisory: HPSBMA02413
http://marc.info/?l=bugtraq&m=123688841217193&w=2
BugTraq ID: 34078
http://www.securityfocus.com/bid/34078
http://osvdb.org/52592
http://www.securitytracker.com/id?1021835
http://secunia.com/advisories/34243
http://secunia.com/advisories/34276
http://www.vupen.com/english/advisories/2009/0671
Common Vulnerability Exposure (CVE) ID: CVE-2009-0713
http://osvdb.org/52591
http://www.securitytracker.com/id?1021836
Common Vulnerability Exposure (CVE) ID: CVE-2008-4546
Bugtraq: 20081002 Adobe Flash Player plug-in null pointer dereference and browser crash (Google Search)
http://www.securityfocus.com/archive/1/archive/1/496929/100/0/threaded
http://www.mochimedia.com/~matthew/flashcrash/
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://security.gentoo.org/glsa/glsa-201101-09.xml
HPdes Security Advisory: HPSBMA02547
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPdes Security Advisory: SSRT100179
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.redhat.com/support/errata/RHSA-2010-0470.html
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
SuSE Security Announcement: SUSE-SA:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
TurboLinux Advisory: TLSA-2010-19
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
Cert/CC Advisory: TA10-162A
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
BugTraq ID: 31537
http://www.securityfocus.com/bid/31537
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7187
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16302
http://securitytracker.com/id?1024085
http://securitytracker.com/id?1024086
http://secunia.com/advisories/32759
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
http://securityreason.com/securityalert/4401
http://www.vupen.com/english/advisories/2010/1453
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1522
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2011/0192
XForce ISS Database: adobe-flash-version-dos(45630)
http://xforce.iss.net/xforce/xfdb/45630
Common Vulnerability Exposure (CVE) ID: CVE-2009-0037
Bugtraq: 20090312 rPSA-2009-0042-1 curl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501757/100/0/threaded
Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Debian Security Information: DSA-1738 (Google Search)
http://www.debian.org/security/2009/dsa-1738
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
http://www.ubuntu.com/usn/USN-726-1
BugTraq ID: 33962
http://www.securityfocus.com/bid/33962
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11054
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6074
http://www.securitytracker.com/id?1021783
http://secunia.com/advisories/34138
http://secunia.com/advisories/34202
http://secunia.com/advisories/34255
http://secunia.com/advisories/34237
http://secunia.com/advisories/34251
http://secunia.com/advisories/34399
http://secunia.com/advisories/35766
http://www.vupen.com/english/advisories/2009/0581
http://www.vupen.com/english/advisories/2009/1865
XForce ISS Database: curl-location-security-bypass(49030)
http://xforce.iss.net/xforce/xfdb/49030
Common Vulnerability Exposure (CVE) ID: CVE-2009-0632
Cisco Security Advisory: 20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml
Cisco Security Advisory: 20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html
BugTraq ID: 34082
http://www.securityfocus.com/bid/34082
http://osvdb.org/52589
http://www.securitytracker.com/id?1021839
http://secunia.com/advisories/34238
http://www.vupen.com/english/advisories/2009/0675
XForce ISS Database: cucm-pab-privilege-escalation(49196)
http://xforce.iss.net/xforce/xfdb/49196
Common Vulnerability Exposure (CVE) ID: CVE-2008-1922
http://www.mandriva.com/security/advisories?name=MDVSA-2009:073
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
BugTraq ID: 29141
http://www.securityfocus.com/bid/29141
http://secunia.com/advisories/30202
http://secunia.com/advisories/30156
XForce ISS Database: sarg-unspecified-bo(42321)
http://xforce.iss.net/xforce/xfdb/42321
Common Vulnerability Exposure (CVE) ID: CVE-2009-0478
Bugtraq: 20090204 Squid Proxy Cache Denial of Service in request handling (Google Search)
http://www.securityfocus.com/archive/1/archive/1/500653/100/0/threaded
http://www.milw0rm.com/exploits/8021
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:034
SuSE Security Announcement: SUSE-SR:2009:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
BugTraq ID: 33604
http://www.securityfocus.com/bid/33604
http://www.securitytracker.com/id?1021684
http://secunia.com/advisories/33731
http://secunia.com/advisories/34467
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
