Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.71015
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-1284-1 (update-manager)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to update-manager
announced via advisory USN-1284-1.

Details:

David Black discovered that Update Manager incorrectly extracted the
downloaded upgrade tarball before verifying its GPG signature. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could
potentially be used to replace arbitrary files. (CVE-2011-3152)

David Black discovered that Update Manager created a temporary directory
in an insecure fashion. A local attacker could possibly use this flaw to
read the XAUTHORITY file of the user performing the upgrade.
(CVE-2011-3154)

This update also adds a hotfix to Update Notifier to handle cases where the
upgrade is being performed from CD media.

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
update-manager 1:0.152.25.5

Ubuntu 11.04:
update-manager 1:0.150.5.1
update-notifier 0.111ubuntu2.1

Ubuntu 10.10:
update-manager 1:0.142.23.1
update-notifier 0.105ubuntu1.1

Ubuntu 10.04 LTS:
auto-upgrade-tester 1:0.134.11.1
update-notifier 0.99.3ubuntu0.1

Ubuntu 8.04 LTS:
update-manager 1:0.87.31.1

http://www.securityspace.com/smysecure/catid.html?in=USN-1284-1

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3152
BugTraq ID: 50833
http://www.securityfocus.com/bid/50833
http://www.osvdb.org/77642
http://secunia.com/advisories/47024
http://www.ubuntu.com/usn/USN-1284-1
XForce ISS Database: ubuntu-update-gpg-sec-bypass(71494)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71494
Common Vulnerability Exposure (CVE) ID: CVE-2011-3154
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.