Mandrake Local Security Checks : Mandriva Update for libuser MDVSA-2011:019 (libuser)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.831319

Kategorie: Mandrake Local Security Checks

Titel: Mandriva Update for libuser MDVSA-2011:019 (libuser)

Zusammenfassung: The remote host is missing an update for the 'libuser'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libuser'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in libuser:

libuser before 0.57 uses a cleartext password value of (1) !! or (2) x
for new LDAP user accounts, which makes it easier for remote attackers
to obtain access by specifying one of these values (CVE-2011-0002).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
libuser on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0002
BugTraq ID: 45791
http://www.securityfocus.com/bid/45791
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:019
http://www.osvdb.org/70421
http://www.redhat.com/support/errata/RHSA-2011-0170.html
http://securitytracker.com/id?1024960
http://secunia.com/advisories/42891
http://secunia.com/advisories/42966
http://secunia.com/advisories/43047
http://www.vupen.com/english/advisories/2011/0184
http://www.vupen.com/english/advisories/2011/0201
http://www.vupen.com/english/advisories/2011/0226
XForce ISS Database: libuser-password-security-bypass(64677)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64677

Copyright Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.831319
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for libuser MDVSA-2011:019 (libuser)
Zusammenfassung:	The remote host is missing an update for the 'libuser'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libuser' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in libuser: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values (CVE-2011-0002). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: libuser on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0002 BugTraq ID: 45791 http://www.securityfocus.com/bid/45791 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:019 http://www.osvdb.org/70421 http://www.redhat.com/support/errata/RHSA-2011-0170.html http://securitytracker.com/id?1024960 http://secunia.com/advisories/42891 http://secunia.com/advisories/42966 http://secunia.com/advisories/43047 http://www.vupen.com/english/advisories/2011/0184 http://www.vupen.com/english/advisories/2011/0201 http://www.vupen.com/english/advisories/2011/0226 XForce ISS Database: libuser-password-security-bypass(64677) https://exchange.xforce.ibmcloud.com/vulnerabilities/64677
Copyright	Copyright (c) 2011 Greenbone Networks GmbH