
Test ID: 1.3.6.1.4.1.25623.1.0.51474
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:769
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:769.

SANE (Scanner Access Now Easy) is an interface to both local and
networked scanners and other image acquisition devices. The sane
package contains several scanner drivers, utilities and saned, an
application that allows the sharing of scanners across a network.

This update fixes several vulnerabilities in the sane package:

- Remote vulnerabilities in saned. These vulnerabilities can be
exploited by remote attackers to cause a denial of service or even
execute arbitrary code with the privileges of the user running saned
(which is usually root). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned[1,2,3,4,5,6] the names
CVE-2003-0773, CVE-2003-0774, CVE-2003-0775, CVE-2003-0776,
CVE-2003-0777 and CVE-2003-0778 to these issues.

- Temporary file handling vulnerabilities (does not affect Conectiva
Linux 9). In several sane backends (drivers), temporary files are
created in an unsafe manner. A local attacker can exploit these
vulnerabilities to overwrite arbitrary system or user files. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2001-0890[7] to this issue.

The Conectiva Linux 9 package (sane-1.0.9) also includes fixes for a
bug[8] in the plustek driver which may cause hardware damage in EPSON
1260 scanners (previous versions do not contain the driver).


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0890
http://www.gjaeger.de/scanner/plustek.html#epson
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:769
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2003-0773
BugTraq ID: 8593
http://www.securityfocus.com/bid/8593
BugTraq ID: 8595
http://www.securityfocus.com/bid/8595
Debian Security Information: DSA-379
http://www.debian.org/security/2003/dsa-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
http://www.redhat.com/support/errata/RHSA-2003-285.html
SCO Security Bulletin: CSSA-2004-005.0
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SuSE Security Announcement: SuSE-SA:2003:046
http://www.novell.com/linux/security/advisories/2003_046_sane.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0774
Common Vulnerability Exposure (CVE) ID: CVE-2003-0775
BugTraq ID: 8600
http://www.securityfocus.com/bid/8600
Common Vulnerability Exposure (CVE) ID: CVE-2003-0776
Common Vulnerability Exposure (CVE) ID: CVE-2003-0777
BugTraq ID: 8597
http://www.securityfocus.com/bid/8597
Common Vulnerability Exposure (CVE) ID: CVE-2003-0778
BugTraq ID: 8596
http://www.securityfocus.com/bid/8596
Common Vulnerability Exposure (CVE) ID: CVE-2001-0890
BugTraq ID: 3987
http://www.securityfocus.com/bid/3987
RedHat Security Advisories: RHSA-2001:171
http://rhn.redhat.com/errata/RHSA-2001-171.html
http://www.iss.net/security_center/static/7714.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.