Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.881587 |
Kategorie: | CentOS Local Security Checks |
Titel: | CentOS Update for libreport CESA-2013:0215 centos6 |
Zusammenfassung: | The remote host is missing an update for the 'libreport'; package(s) announced via the referenced advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'libreport' package(s) announced via the referenced advisory. Vulnerability Insight: ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trma of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues. Affected Software/OS: libreport on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-5659 https://bugzilla.redhat.com/show_bug.cgi?id=854011 RedHat Security Advisories: RHSA-2013:0215 http://rhn.redhat.com/errata/RHSA-2013-0215.html Common Vulnerability Exposure (CVE) ID: CVE-2012-5660 https://bugzilla.redhat.com/show_bug.cgi?id=887866 |
Copyright | Copyright (c) 2013 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |