Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.51484
Kategorie:Conectiva Local Security Checks
Titel:Conectiva Security Advisory CLA-2003:783
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory CLA-2003:783.

HylaFAX[1] is an Open Source software package used for sending and
receiving facsimiles. It allows the sharing of a single fax equipment
with clients through a server called hfaxd.

The SuSE Security Team found a format string vulnerability[2] in the
HylaFAX daemon (hfaxd) during a code audit. This vulnerability can be
exploited by a remote attacker to execute arbitrary code with the
privileges of the root user in the host where hfaxd is running. The
packages included with this announcement contain a patch[3] to fix
this issue.

To be vulnerable, the 0x002 bit for the 'ServerTracing' configuration
parameter must be set. This setting is usually used with depuration
purposes and is not set by default.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0886[4] to this issue.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.hylafax.org
http://www.securityfocus.com/archive/1/344134
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0886
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:783
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Critical

CVSS Score:
10.0

Querverweis: BugTraq ID: 9005
Common Vulnerability Exposure (CVE) ID: CVE-2003-0886
Bugtraq: 20031111 HylaFAX - Format String Vulnerability Fixed (Google Search)
http://marc.info/?l=bugtraq&m=106858898708752&w=2
Conectiva Linux advisory: CLA-2003:783
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783
Debian Security Information: DSA-401 (Google Search)
http://www.debian.org/security/2003/dsa-401
http://www.mandriva.com/security/advisories?name=MDKSA-2003:105
SuSE Security Announcement: SuSE-SA:2003:045 (Google Search)
http://www.novell.com/linux/security/advisories/2003_045_hylafax.html
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.