 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.54135 |
| Kategorie: | SuSE Local Security Checks |
| Titel: | SuSE Security Advisory SUSE-SA:2002:040 (lprng, html2ps) |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing updates announced in advisory SUSE-SA:2002:040. The lprng package contains the runlpr program which allows the lp user to execute the lpr program as root. Local attackers can pass certain commandline arguments to lpr running as root, fooling it to execute arbitrary commands as root. This has been fixed. Note that this vulnerability can only be exploited if the attacker has previously gained access to the lp account. Additionally, the html2ps printfilter, which is installed as part of the LPRng print system, allowed remote attackers to execute arbitrary commands in the context of the lp user. These two issues combined allow attackers to mount a remote root attack. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2002:040 Risk factor : High |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |