
Test ID: 1.3.6.1.4.1.25623.1.0.54736
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200411-15 (OpenSSL)
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory GLSA 200411-15.

groffer, included in the Groff package, and the der_chop script, included
in the OpenSSL package, are both vulnerable to symlink attacks,
potentially allowing a local user to overwrite arbitrary files with the
rights of the user running the utility.

Solution:
All Groff users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/groff-1.19.1-r2'

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.7d-r2'

Note: /etc/ssl/misc/der_chop is protected by Portage as a configuration
file. Don't forget to use etc-update and overwrite the old version with
the new one.

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-15
http://bugs.gentoo.org/show_bug.cgi?id=68404
http://bugs.gentoo.org/show_bug.cgi?id=68407

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-0969
BugTraq ID: 11287
http://www.securityfocus.com/bid/11287
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
http://secunia.com/advisories/18764
http://www.trustix.org/errata/2004/0050
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Common Vulnerability Exposure (CVE) ID: CVE-2004-0975
BugTraq ID: 11293
http://www.securityfocus.com/bid/11293
Debian Security Information: DSA-603
http://www.debian.org/security/2004/dsa-603
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164
http://www.redhat.com/support/errata/RHSA-2005-476.html
http://secunia.com/advisories/12973
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.