Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703462 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3462-1 (radicale - security update) |
Zusammenfassung: | Two vulnerabilities were fixed;in radicale, a CardDAV/CalDAV server.;;CVE-2015-8747;The (not configured by default and not available on Wheezy);multifilesystem storage backend allows read and write access to;arbitrary files (still subject to the DAC permissions of the user;the radicale server is running as).;;CVE-2015-8748;If an attacker is able to authenticate with a user name like `.*',;he can bypass read/write limitations imposed by regex-based rules,;including the built-in rules `owner_write' (read for everybody,;write for the calendar owner) and `owner_only' (read and write for;the calendar owner). |
Beschreibung: | Summary: Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. CVE-2015-8747 The (not configured by default and not available on Wheezy) multifilesystem storage backend allows read and write access to arbitrary files (still subject to the DAC permissions of the user the radicale server is running as). CVE-2015-8748 If an attacker is able to authenticate with a user name like `.*', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules `owner_write' (read for everybody, write for the calendar owner) and `owner_only' (read and write for the calendar owner). Affected Software/OS: radicale on Debian Linux Solution: For the oldstable distribution (wheezy), these problems have been fixed in version 0.7-1.1+deb7u1. For the stable distribution (jessie), these problems have been fixed in version 0.9-1+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1.1.1-1. For the unstable distribution (sid), these problems have been fixed in version 1.1.1-1. We recommend that you upgrade your radicale packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-8747 BugTraq ID: 80255 http://www.securityfocus.com/bid/80255 Debian Security Information: DSA-3462 (Google Search) http://www.debian.org/security/2016/dsa-3462 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175776.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175738.html http://www.openwall.com/lists/oss-security/2016/01/05/7 http://www.openwall.com/lists/oss-security/2016/01/06/4 http://www.openwall.com/lists/oss-security/2016/01/06/7 Common Vulnerability Exposure (CVE) ID: CVE-2015-8748 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |