F5 Local Security Checks : F5 BIG-IP - MCPD vulnerability CVE-2016-7474

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.140221

Categoría: F5 Local Security Checks

Título: F5 BIG-IP - MCPD vulnerability CVE-2016-7474

Resumen: In some cases the MCPD binary cache may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.

Descripción: Summary:
In some cases the MCPD binary cache may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.

Vulnerability Impact:
A local user may have access to sensitive data such as passwords for recently created local user accounts and passphrases that have been set since the last reboot.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-7474
BugTraq ID: 97198
http://www.securityfocus.com/bid/97198
http://www.securitytracker.com/id/1038133
Common Vulnerability Exposure (CVE) ID: CVE-2016-9244
BugTraq ID: 96143
http://www.securityfocus.com/bid/96143
https://www.exploit-db.com/exploits/41298/
http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html
https://blog.filippo.io/finding-ticketbleed/
https://filippo.io/Ticketbleed/
https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
http://www.securitytracker.com/id/1037800

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.140221
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - MCPD vulnerability CVE-2016-7474
Resumen:	In some cases the MCPD binary cache may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
Descripción:	Summary: In some cases the MCPD binary cache may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. Vulnerability Impact: A local user may have access to sensitive data such as passwords for recently created local user accounts and passphrases that have been set since the last reboot. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7474 BugTraq ID: 97198 http://www.securityfocus.com/bid/97198 http://www.securitytracker.com/id/1038133 Common Vulnerability Exposure (CVE) ID: CVE-2016-9244 BugTraq ID: 96143 http://www.securityfocus.com/bid/96143 https://www.exploit-db.com/exploits/41298/ http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html https://blog.filippo.io/finding-ticketbleed/ https://filippo.io/Ticketbleed/ https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py http://www.securitytracker.com/id/1037800
Copyright	Copyright (C) 2017 Greenbone Networks GmbH