Test Kennung:	1.3.6.1.4.1.25623.1.0.880904
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for hanterm-xf CESA-2009:0019-01 centos2 i386
Zusammenfassung:	The remote host is missing an update for the 'hanterm-xf'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'hanterm-xf' package(s) announced via the referenced advisory. Vulnerability Insight: Hanterm is a replacement for xterm, a X Window System terminal emulator, that supports Hangul input and output. A flaw was found in the Hanterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside a Hanterm window. (CVE-2008-2383) All hanterm-xf users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. All running instances of hanterm must be restarted for the update to take effect. Affected Software/OS: hanterm-xf on CentOS 2 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2383 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 33060 http://www.securityfocus.com/bid/33060 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1694 (Google Search) http://www.debian.org/security/2009/dsa-1694 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9317 http://www.redhat.com/support/errata/RHSA-2009-0018.html http://www.redhat.com/support/errata/RHSA-2009-0019.html http://www.securitytracker.com/id?1021522 http://secunia.com/advisories/33318 http://secunia.com/advisories/33388 http://secunia.com/advisories/33397 http://secunia.com/advisories/33418 http://secunia.com/advisories/33419 http://secunia.com/advisories/33568 http://secunia.com/advisories/33820 http://secunia.com/advisories/35074 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html https://usn.ubuntu.com/703-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: xterm-decrqss-code-execution(47655) https://exchange.xforce.ibmcloud.com/vulnerabilities/47655
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.