
Test ID: 1.3.6.1.4.1.25623.1.0.51541
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:532
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:532.

Sendmail is a widely used Mail Transfer Agent (MTA). smrsh is an
application intended as a replacement for the sh shell for use with
Sendmail. It imposes some restrictions on which programs can be
executed when parsing ~/.forward and system-wide mail aliases.

Zen-parse and Pedram Amini found two ways[1] to exploit smrsh in
order to make it execute any program on the system. The first one is
by inserting specially formatted commands in the .forward file
located in the user's home directory. The second one is by directly
calling smrsh with special parameters.

By exploiting this vulnerability, users who have no shell account or
are not allowed to execute some programs can use smrsh to bypass such
restrictions.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-1165 to this issue[2].


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.sendmail.org/smrsh.adv.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1165
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:532
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : Medium

CVSS Score: 4.6

Cross-Reference: BugTraq ID: 5845
Common Vulnerability Exposure (CVE) ID: CVE-2002-1165
http://www.securityfocus.com/bid/5845
Bugtraq: 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities
http://marc.info/?l=bugtraq&m=103350914307274&w=2
Caldera Security Advisory: CSSA-2002-052.0
Conectiva Linux advisory: CLA-2002:532
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
FreeBSD Security Advisory: FreeBSD-SA-02:41
http://www.mandriva.com/security/advisories?name=MDKSA-2002:083
NETBSD Security Advisory: NetBSD-SA2002-023
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://secunia.com/advisories/7826
SGI Security Advisory: 20030101-01-P
http://www.iss.net/security_center/static/10232.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.