Turbolinux Local Security Tests : Turbolinux TLSA-2003-8 (cvs)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52915

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-8 (cvs)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cvs
announced via advisory TLSA-2003-8.

The CVS server component contains a double-free vulnerability that
can be triggered by a set of specially crafted directory requests.

Remote attackers to execute arbitrary shell commands.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-8

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 6650
Common Vulnerability Exposure (CVE) ID: CVE-2003-0015
http://www.securityfocus.com/bid/6650
Bugtraq: 20030122 [security@slackware.com: [slackware-security] New CVS packages available] (Google Search)
http://marc.info/?l=bugtraq&m=104333092200589&w=2
Bugtraq: 20030124 Test program for CVS double-free. (Google Search)
http://marc.info/?l=bugtraq&m=104342550612736&w=2
Bugtraq: 20030202 Exploit for CVS double free() for Linux pserver (Google Search)
http://marc.info/?l=bugtraq&m=104428571204468&w=2
Caldera Security Advisory: CSSA-2003-006
http://www.cert.org/advisories/CA-2003-02.html
CERT/CC vulnerability note: VU#650937
http://www.kb.cert.org/vuls/id/650937
Computer Incident Advisory Center Bulletin: N-032
http://www.ciac.org/ciac/bulletins/n-032.shtml
Debian Security Information: DSA-233 (Google Search)
http://www.debian.org/security/2003/dsa-233
FreeBSD Security Advisory: FreeBSD-SA-03:01
http://marc.info/?l=bugtraq&m=104438807203491&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
http://security.e-matters.de/advisories/012003.html
http://www.redhat.com/support/errata/RHSA-2003-012.html
RedHat Security Advisories: RHSA-2003:013
http://rhn.redhat.com/errata/RHSA-2003-013.html
SuSE Security Announcement: SuSE-SA:2003:0007 (Google Search)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
XForce ISS Database: cvs-doublefree-memory-corruption(11108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52915
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-8 (cvs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cvs announced via advisory TLSA-2003-8. The CVS server component contains a double-free vulnerability that can be triggered by a set of specially crafted directory requests. Remote attackers to execute arbitrary shell commands. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-8 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 6650 Common Vulnerability Exposure (CVE) ID: CVE-2003-0015 http://www.securityfocus.com/bid/6650 Bugtraq: 20030122 [security@slackware.com: [slackware-security] New CVS packages available] (Google Search) http://marc.info/?l=bugtraq&m=104333092200589&w=2 Bugtraq: 20030124 Test program for CVS double-free. (Google Search) http://marc.info/?l=bugtraq&m=104342550612736&w=2 Bugtraq: 20030202 Exploit for CVS double free() for Linux pserver (Google Search) http://marc.info/?l=bugtraq&m=104428571204468&w=2 Caldera Security Advisory: CSSA-2003-006 http://www.cert.org/advisories/CA-2003-02.html CERT/CC vulnerability note: VU#650937 http://www.kb.cert.org/vuls/id/650937 Computer Incident Advisory Center Bulletin: N-032 http://www.ciac.org/ciac/bulletins/n-032.shtml Debian Security Information: DSA-233 (Google Search) http://www.debian.org/security/2003/dsa-233 FreeBSD Security Advisory: FreeBSD-SA-03:01 http://marc.info/?l=bugtraq&m=104438807203491&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009 http://security.e-matters.de/advisories/012003.html http://www.redhat.com/support/errata/RHSA-2003-012.html RedHat Security Advisories: RHSA-2003:013 http://rhn.redhat.com/errata/RHSA-2003-013.html SuSE Security Announcement: SuSE-SA:2003:0007 (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html XForce ISS Database: cvs-doublefree-memory-corruption(11108) https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com