Ubuntu Local Security Checks : Ubuntu USN-732-1 (dash)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.63563
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-732-1 (dash)
Summary:	Ubuntu USN-732-1 (dash)
Description:	The remote host is missing an update to dash announced via advisory USN-732-1. Details follow: Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: dash 0.5.4-8ubuntu1.1 Ubuntu 8.10: dash 0.5.4-9ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-732-1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0854 http://www.ubuntu.com/usn/USN-732-1 BugTraq ID: 34092 http://www.securityfocus.com/bid/34092 http://secunia.com/advisories/34205 XForce ISS Database: dash-profile-code-execution(49216) http://xforce.iss.net/xforce/xfdb/49216 Common Vulnerability Exposure (CVE) ID: CVE-2009-0675 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded http://lists.openwall.net/netdev/2009/01/28/90 http://openwall.com/lists/oss-security/2009/02/20/2 Debian Security Information: DSA-1749 (Google Search) http://www.debian.org/security/2009/dsa-1749 Debian Security Information: DSA-1787 (Google Search) http://www.debian.org/security/2009/dsa-1787 Debian Security Information: DSA-1794 (Google Search) http://www.debian.org/security/2009/dsa-1794 http://www.mandriva.com/security/advisories?name=MDVSA-2009:071 http://www.redhat.com/support/errata/RHSA-2009-0360.html http://www.redhat.com/support/errata/RHSA-2009-0326.html SuSE Security Announcement: SUSE-SA:2009:031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://www.ubuntu.com/usn/usn-751-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11529 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8685 http://secunia.com/advisories/33938 http://secunia.com/advisories/34394 http://secunia.com/advisories/33758 http://secunia.com/advisories/34502 http://secunia.com/advisories/34680 http://secunia.com/advisories/34981 http://secunia.com/advisories/35011 http://secunia.com/advisories/35394 http://secunia.com/advisories/37471 http://www.vupen.com/english/advisories/2009/3316 Common Vulnerability Exposure (CVE) ID: CVE-2009-0676 http://lkml.org/lkml/2009/2/12/123 http://openwall.com/lists/oss-security/2009/02/20/1 http://marc.info/?l=linux-kernel&m=123540732700371&w=2 http://www.openwall.com/lists/oss-security/2009/02/24/1 http://www.openwall.com/lists/oss-security/2009/03/02/6 RedHat Security Advisories: RHSA-2009:0459 http://rhn.redhat.com/errata/RHSA-2009-0459.html SuSE Security Announcement: SUSE-SA:2009:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html SuSE Security Announcement: SUSE-SA:2009:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html BugTraq ID: 33846 http://www.securityfocus.com/bid/33846 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11653 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8618 http://secunia.com/advisories/34786 http://secunia.com/advisories/34962 http://secunia.com/advisories/35390 XForce ISS Database: kernel-sock-information-disclosure(48847) http://xforce.iss.net/xforce/xfdb/48847 Common Vulnerability Exposure (CVE) ID: CVE-2009-0759 http://www.openwall.com/lists/oss-security/2009/03/01/2 Debian Security Information: DSA-1735 (Google Search) http://www.debian.org/security/2009/dsa-1735 http://osvdb.org/52295 http://secunia.com/advisories/34230 Common Vulnerability Exposure (CVE) ID: CVE-2009-0660 Debian Security Information: DSA-1736 (Google Search) http://www.debian.org/security/2009/dsa-1736 BugTraq ID: 34064 http://www.securityfocus.com/bid/34064 http://secunia.com/advisories/34222 http://secunia.com/advisories/34231 http://www.vupen.com/english/advisories/2009/0665 XForce ISS Database: mahara-userprofile-xss(49168) http://xforce.iss.net/xforce/xfdb/49168 Common Vulnerability Exposure (CVE) ID: CVE-2008-2086 Bugtraq: 20081204 CVE-2008-2086: Java Web Start File Inclusion via System PropertiesOverride (Google Search) http://www.securityfocus.com/archive/1/archive/1/498907/100/0/threaded http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html http://security.gentoo.org/glsa/glsa-200911-02.xml HPdes Security Advisory: HPSBUX02411 http://marc.info/?l=bugtraq&m=123678756409861&w=2 HPdes Security Advisory: SSRT080111 RedHat Security Advisories: RHSA-2008:1018 RedHat Security Advisories: RHSA-2008:1025 http://rhn.redhat.com/errata/RHSA-2008-1025.html http://www.redhat.com/support/errata/RHSA-2009-0015.html http://www.redhat.com/support/errata/RHSA-2009-0016.html http://www.redhat.com/support/errata/RHSA-2009-0445.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1 SuSE Security Announcement: SUSE-SA:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html SuSE Security Announcement: SUSE-SA:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html Cert/CC Advisory: TA08-340A http://www.us-cert.gov/cas/techalerts/TA08-340A.html BugTraq ID: 32620 http://www.securityfocus.com/bid/32620 http://osvdb.org/50510 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5601 http://www.securitytracker.com/id?1021318 http://secunia.com/advisories/32991 http://secunia.com/advisories/33015 http://secunia.com/advisories/33710 http://secunia.com/advisories/33528 http://secunia.com/advisories/34233 http://secunia.com/advisories/34605 http://secunia.com/advisories/34889 http://secunia.com/advisories/35065 http://secunia.com/advisories/37386 http://secunia.com/advisories/38539 http://securityreason.com/securityalert/4693 http://www.vupen.com/english/advisories/2009/0424 http://www.vupen.com/english/advisories/2009/0672 Common Vulnerability Exposure (CVE) ID: CVE-2008-5339 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6409 http://www.vupen.com/english/advisories/2008/3339 Common Vulnerability Exposure (CVE) ID: CVE-2008-5340 http://www.redhat.com/support/errata/RHSA-2009-0369.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6627 http://secunia.com/advisories/34447 Common Vulnerability Exposure (CVE) ID: CVE-2008-5341 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6529 Common Vulnerability Exposure (CVE) ID: CVE-2008-5342 http://osvdb.org/50514 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6359 Common Vulnerability Exposure (CVE) ID: CVE-2008-5343 http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/ BugTraq ID: 32892 http://www.securityfocus.com/bid/32892 http://osvdb.org/50512 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5924 Common Vulnerability Exposure (CVE) ID: CVE-2008-5344 http://osvdb.org/50513 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6249 XForce ISS Database: jre-appletclass-security-bypass(47057) http://xforce.iss.net/xforce/xfdb/47057 Common Vulnerability Exposure (CVE) ID: CVE-2008-5345 RedHat Security Advisories: RHSA-2009:0466 https://rhn.redhat.com/errata/RHSA-2009-0466.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-246387-1 http://osvdb.org/50508 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6059 http://secunia.com/advisories/34972 http://www.securitytracker.com/id?1021305 Common Vulnerability Exposure (CVE) ID: CVE-2008-5347 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246366-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019798.1-1 SuSE Security Announcement: SUSE-SR:2009:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html BugTraq ID: 32608 http://www.securityfocus.com/bid/32608 http://osvdb.org/50506 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5633 http://secunia.com/advisories/34259 http://www.securitytracker.com/id?1021307 http://secunia.com/advisories/33709 XForce ISS Database: jre-jaxws-jaxb-privilege-escalation(47068) http://xforce.iss.net/xforce/xfdb/47068 Common Vulnerability Exposure (CVE) ID: CVE-2008-5348 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246346-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019797.1-1 http://osvdb.org/50505 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6549 Common Vulnerability Exposure (CVE) ID: CVE-2008-5350 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246266-1 http://osvdb.org/50503 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6424 http://www.securitytracker.com/id?1021310 Common Vulnerability Exposure (CVE) ID: CVE-2008-5351 http://sunsolve.sun.com/search/document.do?assetkey=1-26-245246-1 http://osvdb.org/50502 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6212 http://www.securitytracker.com/id?1021311 Common Vulnerability Exposure (CVE) ID: CVE-2008-5353 Bugtraq: 20090524 Hardening OSX against CVE-2008-5353 (Google Search) http://www.securityfocus.com/archive/1/archive/1/503797/100/0/threaded http://blog.cr0.org/2009/05/write-once-own-everyone.html http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1 http://osvdb.org/50500 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6511 http://www.securitytracker.com/id?1021313 http://secunia.com/advisories/35118 http://www.vupen.com/english/advisories/2009/1391 Common Vulnerability Exposure (CVE) ID: CVE-2008-5354 http://www.ximido.de/research/advisories/SM_Java-BO_200811.txt http://sunsolve.sun.com/search/document.do?assetkey=1-26-244990-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6537 XForce ISS Database: jre-commandline-privilege-escalation(47060) http://xforce.iss.net/xforce/xfdb/47060 Common Vulnerability Exposure (CVE) ID: CVE-2008-5356 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=757 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1 http://osvdb.org/50516 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6494 http://secunia.com/advisories/33187 XForce ISS Database: jre-truetype-font-bo(47103) http://xforce.iss.net/xforce/xfdb/47103 Common Vulnerability Exposure (CVE) ID: CVE-2008-5357 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760 http://osvdb.org/50517 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6505 XForce ISS Database: jre-font-privilege-escalation(47050) http://xforce.iss.net/xforce/xfdb/47050 Common Vulnerability Exposure (CVE) ID: CVE-2008-5358 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758 http://osvdb.org/50515 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6319 XForce ISS Database: jre-gif-images-privilege-escalation(47049) http://xforce.iss.net/xforce/xfdb/47049 Common Vulnerability Exposure (CVE) ID: CVE-2008-5359 http://www.zerodayinitiative.com/advisories/ZDI-08-080/ http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5841 XForce ISS Database: jre-image-processing-privilege-escalation(47048) http://xforce.iss.net/xforce/xfdb/47048 Common Vulnerability Exposure (CVE) ID: CVE-2008-5360 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6596 http://www.securitytracker.com/id?1021316 XForce ISS Database: jre-guessable-file-unauth-access(47045) http://xforce.iss.net/xforce/xfdb/47045 Common Vulnerability Exposure (CVE) ID: CVE-2009-0712 HPdes Security Advisory: HPSBMA02412 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638 HPdes Security Advisory: SSRT080040 HPdes Security Advisory: HPSBMA02413 http://marc.info/?l=bugtraq&m=123688841217193&w=2 BugTraq ID: 34078 http://www.securityfocus.com/bid/34078 http://osvdb.org/52592 http://www.securitytracker.com/id?1021835 http://secunia.com/advisories/34243 http://secunia.com/advisories/34276 http://www.vupen.com/english/advisories/2009/0671 Common Vulnerability Exposure (CVE) ID: CVE-2009-0713 http://osvdb.org/52591 http://www.securitytracker.com/id?1021836 Common Vulnerability Exposure (CVE) ID: CVE-2008-4546 Bugtraq: 20081002 Adobe Flash Player plug-in null pointer dereference and browser crash (Google Search) http://www.securityfocus.com/archive/1/archive/1/496929/100/0/threaded http://www.mochimedia.com/~matthew/flashcrash/ http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://security.gentoo.org/glsa/glsa-201101-09.xml HPdes Security Advisory: HPSBMA02547 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 HPdes Security Advisory: SSRT100179 http://www.redhat.com/support/errata/RHSA-2010-0464.html http://www.redhat.com/support/errata/RHSA-2010-0470.html SuSE Security Announcement: SUSE-SR:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html SuSE Security Announcement: SUSE-SA:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html TurboLinux Advisory: TLSA-2010-19 http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt Cert/CC Advisory: TA10-162A http://www.us-cert.gov/cas/techalerts/TA10-162A.html BugTraq ID: 31537 http://www.securityfocus.com/bid/31537 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7187 http://securitytracker.com/id?1024085 http://securitytracker.com/id?1024086 http://secunia.com/advisories/32759 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://securityreason.com/securityalert/4401 http://www.vupen.com/english/advisories/2010/1453 http://www.vupen.com/english/advisories/2010/1421 http://www.vupen.com/english/advisories/2010/1432 http://www.vupen.com/english/advisories/2010/1434 http://www.vupen.com/english/advisories/2010/1482 http://www.vupen.com/english/advisories/2010/1522 http://www.vupen.com/english/advisories/2010/1793 http://www.vupen.com/english/advisories/2011/0192 XForce ISS Database: adobe-flash-version-dos(45630) http://xforce.iss.net/xforce/xfdb/45630 Common Vulnerability Exposure (CVE) ID: CVE-2009-0037 Bugtraq: 20090312 rPSA-2009-0042-1 curl (Google Search) http://www.securityfocus.com/archive/1/archive/1/501757/100/0/threaded Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl (Google Search) http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/ http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Debian Security Information: DSA-1738 (Google Search) http://www.debian.org/security/2009/dsa-1738 http://security.gentoo.org/glsa/glsa-200903-21.xml http://www.redhat.com/support/errata/RHSA-2009-0341.html http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602 http://www.ubuntu.com/usn/USN-726-1 BugTraq ID: 33962 http://www.securityfocus.com/bid/33962 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11054 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6074 http://www.securitytracker.com/id?1021783 http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34255 http://secunia.com/advisories/34237 http://secunia.com/advisories/34251 http://secunia.com/advisories/34399 http://secunia.com/advisories/35766 http://www.vupen.com/english/advisories/2009/0581 http://www.vupen.com/english/advisories/2009/1865 XForce ISS Database: curl-location-security-bypass(49030) http://xforce.iss.net/xforce/xfdb/49030 Common Vulnerability Exposure (CVE) ID: CVE-2009-0632 Cisco Security Advisory: 20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml Cisco Security Advisory: 20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html BugTraq ID: 34082 http://www.securityfocus.com/bid/34082 http://osvdb.org/52589 http://www.securitytracker.com/id?1021839 http://secunia.com/advisories/34238 http://www.vupen.com/english/advisories/2009/0675 XForce ISS Database: cucm-pab-privilege-escalation(49196) http://xforce.iss.net/xforce/xfdb/49196 Common Vulnerability Exposure (CVE) ID: CVE-2008-1922 http://www.mandriva.com/security/advisories?name=MDVSA-2009:073 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html BugTraq ID: 29141 http://www.securityfocus.com/bid/29141 http://secunia.com/advisories/30202 http://secunia.com/advisories/30156 XForce ISS Database: sarg-unspecified-bo(42321) http://xforce.iss.net/xforce/xfdb/42321 Common Vulnerability Exposure (CVE) ID: CVE-2009-0478 Bugtraq: 20090204 Squid Proxy Cache Denial of Service in request handling (Google Search) http://www.securityfocus.com/archive/1/archive/1/500653/100/0/threaded http://www.milw0rm.com/exploits/8021 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 SuSE Security Announcement: SUSE-SR:2009:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html BugTraq ID: 33604 http://www.securityfocus.com/bid/33604 http://www.securitytracker.com/id?1021684 http://secunia.com/advisories/33731 http://secunia.com/advisories/34467
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com