Test ID: 1.3.6.1.4.1.25623.1.0.57729
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: sql-ledger
Summary: NOSUMMARY
Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: sql-ledger

CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that
the value of the sql-ledger-[username] cookie matches the value of the
sessionid parameter, which allows remote attackers to gain access as
any logged-in user by setting the cookie and the parameter to the same
value.

CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2)
admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before
1.0.0p1 allow remote attackers to execute arbitrary Perl code via an
unspecified terminal parameter value containing ../ (dot dot slash).

Solution:
Update your system with the appropriate patches or
software upgrades.

http://www.us.debian.org/security/2006/dsa-1239
http://www.vuxml.org/freebsd/0679deeb-8eaf-11db-abc9-0003476f14d3.html

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2006-4244
BugTraq ID: 19758
http://www.securityfocus.com/bid/19758
Bugtraq: 20060830 SQL-Ledger serious security vulnerability and workaround (Google Search)
http://www.securityfocus.com/archive/1/444741/100/0/threaded
Bugtraq: 20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244 (Google Search)
http://www.securityfocus.com/archive/1/445512
http://secunia.com/advisories/21689
http://securityreason.com/securityalert/1472
XForce ISS Database: sql-ledger-session-unauth-access(28671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28671
Common Vulnerability Exposure (CVE) ID: CVE-2006-4731
BugTraq ID: 19960
http://www.securityfocus.com/bid/19960
Bugtraq: 20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution (Google Search)
http://www.securityfocus.com/archive/1/445817/100/0/threaded
http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69
http://secunia.com/advisories/21824
http://secunia.com/advisories/21886
http://securityreason.com/securityalert/1553
http://www.vupen.com/english/advisories/2006/3554
http://www.vupen.com/english/advisories/2006/3555
XForce ISS Database: sqlledger-ledgersmb-terminal-file-include(28885)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28885
Common Vulnerability Exposure (CVE) ID: CVE-2006-5872
BugTraq ID: 21634
http://www.securityfocus.com/bid/21634
Bugtraq: 20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872 (Google Search)
http://www.securityfocus.com/archive/1/458300/100/0/threaded
Debian Security Information: DSA-1239 (Google Search)
http://www.debian.org/security/2006/dsa-1239
http://securitytracker.com/id?1017391
http://secunia.com/advisories/23375
http://secunia.com/advisories/23419
http://www.vupen.com/english/advisories/2006/5043
http://www.vupen.com/english/advisories/2007/0407
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.