FreeBSD Local Security Checks : FreeBSD Ports: qpopper

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55812

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: qpopper

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: qpopper

CVE-2005-1151
qpopper 4.0.5 and earlier does not properly drop privileges before
processing certain user-supplied files, which allows local users to
overwrite or create arbitrary files as root.

CVE-2005-1152
popauth.c in qpopper 4.0.5 and earlier does not properly set the
umask, which may cause qpopper to create files with group or
world-writable permissions.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://secunia.com/advisories/15475/
http://www.vuxml.org/freebsd/eb29a575-3381-11da-8340-000e0c2e438a.html

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1151
Debian Security Information: DSA-728 (Google Search)
http://www.debian.org/security/2005/dsa-728
http://www.gentoo.org/security/en/glsa/glsa-200505-17.xml
http://bugs.gentoo.org/show_bug.cgi?id=90622
http://secunia.com/advisories/15475
http://secunia.com/advisories/15478
http://secunia.com/advisories/15505
Common Vulnerability Exposure (CVE) ID: CVE-2005-1152
http://bugs.gentoo.org/attachment.cgi?id=58329&action=view

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55812
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: qpopper
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: qpopper CVE-2005-1151 qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. CVE-2005-1152 popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/15475/ http://www.vuxml.org/freebsd/eb29a575-3381-11da-8340-000e0c2e438a.html CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1151 Debian Security Information: DSA-728 (Google Search) http://www.debian.org/security/2005/dsa-728 http://www.gentoo.org/security/en/glsa/glsa-200505-17.xml http://bugs.gentoo.org/show_bug.cgi?id=90622 http://secunia.com/advisories/15475 http://secunia.com/advisories/15478 http://secunia.com/advisories/15505 Common Vulnerability Exposure (CVE) ID: CVE-2005-1152 http://bugs.gentoo.org/attachment.cgi?id=58329&action=view
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com