Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-1533)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122030

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2011-1533)

Zusammenfassung: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2011-1533 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2011-1533 advisory.

Vulnerability Insight:
[2.1.3-9.el6]
- Add current password prompt when changing own password in web UI (#751179)
- Remove extraneous trailing ' from netgroup patch (#749352)

[2.1.3-8.el6]
- Updated patch for CVE-2011-3636 to include CR in the HTTP headers.
xmlrpc-c in RHEL-6 doesn't suppose the dont_advertise option so that is
not set any more. Another fake header, X-Original-User_Agent, is added
so there is no more trailing junk after the Referer header. (#749870)

[2.1.3-7.el6]
- Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636.
(#749870)

[2.1.3-6.el6]
- Users not showing up in nis netgroup triple (#749352)

[2.1.3-5.el6]
- Add update file to remove entitlement roles, privileges and
permissions (#739060)

[2.1.3-4.el6]
- Quote worker option in krb5kdc (#748754)

[2.1.3-3.el6]
- hbactest fails while you have svcgroup in hbacrule (#746227)
- Add Kerberos domain mapping for system hostname (#747443)
- Format certificates as PEM in browser (#701325)

[2.1.3-2.el6]
- ipa-client-install hangs if the discovered server is unresponsive (#745392)
- Fix minor problems in help system (#747028)
- Remove help fix from Disable automember patch (#746717)
- Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265)

[2.1.3-1.el6]
- Update to upstream 2.1.3 release (#736170)
- Additional branding (#742264)
- Disable automember cli (#746717)
- ipa-client-install sometimes fails to start sssd properly (#736954)
- ipa-client-install adds duplicate information to krb5.conf (#714597)
- ipa-client-install should configure hostname (#714919)
- inconsistency in enabling 'delete' buttons (#730751)
- hbactest does not resolve canonical names during simulation (#740850)
- Default DNS Administration Role - Permissions missing (#742327)
- named fails to start after installing ipa server when short (#742875)
- Duplicate hostgroup and netgroup should not be allowed (#743253)
- named fails to start (#743680)
- Global password policy should not be able to be deleted (#744074)
- Client install fails when anonymous bind is disabled (#744101)
- Internal Server Error adding invalid reverse DNS zone (#744234)
- ipa hbactest does not evaluate indirect members from groups. (#744410)
- Leaks KDC password and master password via command line arguments (#744422)
- Traceback when upgrading from ipa-server-2.1.1-1 (#744798)
- IPA User's Primary GID is not being set to their UPG's GID (#745552)
- --forwarder option of ipa-dns-install allows invalid IP addr (#745698)
- UI does not grant access based on roles (#745957)
- Unable to add external user for RunAs User for Sudo (#746056)
- Typo in error message while adding invalid ptr record. (#746199)
- Don't use python 2.7-only syntax (#746229)
- Error when using ipa-client-install with --no-sssd option (#746276)
- Installation fails if sssd.conf exists and is already config (#746298)
- External hosts are not removed properly from sudorule ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ipa' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3636
http://freeipa.org/page/IPAv2_214

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122030
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2011-1533)
Zusammenfassung:	The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2011-1533 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2011-1533 advisory. Vulnerability Insight: [2.1.3-9.el6] - Add current password prompt when changing own password in web UI (#751179) - Remove extraneous trailing ' from netgroup patch (#749352) [2.1.3-8.el6] - Updated patch for CVE-2011-3636 to include CR in the HTTP headers. xmlrpc-c in RHEL-6 doesn't suppose the dont_advertise option so that is not set any more. Another fake header, X-Original-User_Agent, is added so there is no more trailing junk after the Referer header. (#749870) [2.1.3-7.el6] - Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636. (#749870) [2.1.3-6.el6] - Users not showing up in nis netgroup triple (#749352) [2.1.3-5.el6] - Add update file to remove entitlement roles, privileges and permissions (#739060) [2.1.3-4.el6] - Quote worker option in krb5kdc (#748754) [2.1.3-3.el6] - hbactest fails while you have svcgroup in hbacrule (#746227) - Add Kerberos domain mapping for system hostname (#747443) - Format certificates as PEM in browser (#701325) [2.1.3-2.el6] - ipa-client-install hangs if the discovered server is unresponsive (#745392) - Fix minor problems in help system (#747028) - Remove help fix from Disable automember patch (#746717) - Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265) [2.1.3-1.el6] - Update to upstream 2.1.3 release (#736170) - Additional branding (#742264) - Disable automember cli (#746717) - ipa-client-install sometimes fails to start sssd properly (#736954) - ipa-client-install adds duplicate information to krb5.conf (#714597) - ipa-client-install should configure hostname (#714919) - inconsistency in enabling 'delete' buttons (#730751) - hbactest does not resolve canonical names during simulation (#740850) - Default DNS Administration Role - Permissions missing (#742327) - named fails to start after installing ipa server when short (#742875) - Duplicate hostgroup and netgroup should not be allowed (#743253) - named fails to start (#743680) - Global password policy should not be able to be deleted (#744074) - Client install fails when anonymous bind is disabled (#744101) - Internal Server Error adding invalid reverse DNS zone (#744234) - ipa hbactest does not evaluate indirect members from groups. (#744410) - Leaks KDC password and master password via command line arguments (#744422) - Traceback when upgrading from ipa-server-2.1.1-1 (#744798) - IPA User's Primary GID is not being set to their UPG's GID (#745552) - --forwarder option of ipa-dns-install allows invalid IP addr (#745698) - UI does not grant access based on roles (#745957) - Unable to add external user for RunAs User for Sudo (#746056) - Typo in error message while adding invalid ptr record. (#746199) - Don't use python 2.7-only syntax (#746229) - Error when using ipa-client-install with --no-sssd option (#746276) - Installation fails if sssd.conf exists and is already config (#746298) - External hosts are not removed properly from sudorule ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'ipa' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3636 http://freeipa.org/page/IPAv2_214
Copyright	Copyright (C) 2015 Greenbone AG