Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.62904 |
Kategorie: | Red Hat Local Security Checks |
Titel: | RedHat Security Advisory RHSA-2008:0193 |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing updates announced in advisory RHSA-2008:0193. The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain utilities and documentation for configuring a machine for the Controlled Access Protection Profile, or the Labeled Security Protection Profile. It was discovered that use of the 'capp-lspp-config' script results in the '/etc/pam.d/system-auth' file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. (CVE-2008-0884) This issue only affects users who have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script. New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp packages are advised to upgrade to these updated packages, which resolve this issue. Solution: For systems already deployed, the following command can be run as root to restore the permissions to a secure setting: chmod 0644 /etc/pam.d/system-auth Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0193.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.9 |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-0884 BugTraq ID: 28557 http://www.securityfocus.com/bid/28557 RedHat Security Advisories: RHSA-2008:0193 http://rhn.redhat.com/errata/RHSA-2008-0193.html http://securitytracker.com/id?1019740 http://secunia.com/advisories/29642 XForce ISS Database: redhat-lsppeal4config-insecure-permissions(41584) https://exchange.xforce.ibmcloud.com/vulnerabilities/41584 |
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |