Test ID: | 1.3.6.1.4.1.25623.1.0.50824 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2002:047 (util-linux) |
Summary: | NOSUMMARY |
Description: |
The remote host is missing an update to util-linux announced via advisory MDKSA-2002:047.

Michal Zalewski found a vulnerability in the util-linux package with the chfn utility. This utility allows users to modify some information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and modification race that would allow them to make changes to the /etc/passwd file. To successfully exploit this vulnerability and obtain privilege escalation, there is a need for some administrator interaction, and the password file must be over 4kb in size; the attacker's entry cannot be in the last 4kb of the file.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0638
http://www.kb.cert.org/vuls/id/405955

Risk factor: High
CVSS Score: 6.2 |
Cross-Ref: |
BugTraq ID: 5344
Common Vulnerability Exposure (CVE) ID: CVE-2002-0638
http://www.securityfocus.com/bid/5344
Bugtraq: 20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
http://marc.info/?l=bugtraq&m=102795787713996&w=2
Bugtraq: 20020730 TSLSA-2002-0064 - util-linux
http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Caldera Security Advisory: CSSA-2002-043.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
CERT/CC vulnerability note: VU#405955
http://www.kb.cert.org/vuls/id/405955
Conectiva Linux advisory: CLA-2002:523
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
HPdes Security Advisory: HPSBTL0207-054
http://online.securityfocus.com/advisories/4320
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
http://www.osvdb.org/5164
RedHat Security Advisories: RHSA-2002:132
http://rhn.redhat.com/errata/RHSA-2002-132.html
http://www.redhat.com/support/errata/RHSA-2002-137.html
http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
http://www.iss.net/security_center/static/9709.php |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |