Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.120162 |
Kategorie: | Amazon Linux Local Security Checks |
Titel: | Amazon Linux: Security Advisory (ALAS-2014-299) |
Zusammenfassung: | The remote host is missing an update announced via the referenced Security Advisory. |
Beschreibung: | Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. Solution: Run yum update lighttpd to update your system. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4560 Debian Security Information: DSA-2795 (Google Search) https://www.debian.org/security/2013/dsa-2795 HPdes Security Advisory: HPSBGN03191 http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://jvn.jp/en/jp/JVN37417423/index.html http://www.openwall.com/lists/oss-security/2013/11/12/4 http://secunia.com/advisories/55682 SuSE Security Announcement: openSUSE-SU-2014:0072 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4508 http://openwall.com/lists/oss-security/2013/11/04/19 Common Vulnerability Exposure (CVE) ID: CVE-2013-4559 |
Copyright | Copyright (C) 2015 Eero Volotinen |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |