Debian Local Security Checks : Debian Security Advisory DSA 1828-1 (ocsinventory-agent)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.64380

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 1828-1 (ocsinventory-agent)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing an update to ocsinventory-agent
announced via advisory DSA 1828-1.

It was discovered that the ocsinventory-agent which is part of the
ocsinventory suite, a hardware and software configuration indexing service,
is prone to an insecure perl module search path. As the agent is started
via cron and the current directory (/ in this case) is included in the
default perl module path the agent scans every directory on the system
for its perl modules. This enables an attacker to execute arbitrary code
via a crafted ocsinventory-agent perl module placed on the system.

The oldstable distribution (etch) does not contain ocsinventory-agent.

For the stable distribution (lenny), this problem has been fixed in
version 1:0.0.9.2repack1-4lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 1:0.0.9.2repack1-5

For the unstable distribution (sid), this problem has been fixed in
version 1:0.0.9.2repack1-5.

We recommend that you upgrade your ocsinventory-agent packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201828-1

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-0667
BugTraq ID: 35593
http://www.securityfocus.com/bid/35593
Debian Security Information: DSA-1828 (Google Search)
http://www.debian.org/security/2009/dsa-1828
http://osvdb.org/55718
http://secunia.com/advisories/35727
http://secunia.com/advisories/35768
http://www.vupen.com/english/advisories/2009/1809

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.64380
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 1828-1 (ocsinventory-agent)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to ocsinventory-agent announced via advisory DSA 1828-1. It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. The oldstable distribution (etch) does not contain ocsinventory-agent. For the stable distribution (lenny), this problem has been fixed in version 1:0.0.9.2repack1-4lenny1. For the testing distribution (squeeze), this problem has been fixed in version 1:0.0.9.2repack1-5 For the unstable distribution (sid), this problem has been fixed in version 1:0.0.9.2repack1-5. We recommend that you upgrade your ocsinventory-agent packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201828-1 CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0667 BugTraq ID: 35593 http://www.securityfocus.com/bid/35593 Debian Security Information: DSA-1828 (Google Search) http://www.debian.org/security/2009/dsa-1828 http://osvdb.org/55718 http://secunia.com/advisories/35727 http://secunia.com/advisories/35768 http://www.vupen.com/english/advisories/2009/1809
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com