Test ID: 1.3.6.1.4.1.25623.1.0.880801
Category: CentOS Local Security Checks
Title: CentOS Update for dstat CESA-2009:1619 centos5 i386
Summary: The remote host is missing an update for the 'dstat' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'dstat'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Dstat is a versatile replacement for the vmstat, iostat, and netstat tools.
Dstat can be used for performance tuning tests, benchmarks, and
troubleshooting.

Robert Buchholz of the Gentoo Security Team reported a flaw in the Python
module search path used in dstat. If a local attacker could trick a
local user into running dstat from a directory containing a Python script
that is named like an importable module, they could execute arbitrary code
with the privileges of the user running dstat. (CVE-2009-3894)

All dstat users should upgrade to this updated package, which contains a
backported patch to correct this issue.

Affected Software/OS:
dstat on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-3894
37131
http://www.securityfocus.com/bid/37131
37445
http://secunia.com/advisories/37445
37457
http://secunia.com/advisories/37457
60511
http://osvdb.org/60511
GLSA-200911-04
http://security.gentoo.org/glsa/glsa-200911-04.xml
MDVSA-2009:341
http://www.mandriva.com/security/advisories?name=MDVSA-2009:341
RHSA-2009:1619
http://www.redhat.com/support/errata/RHSA-2009-1619.html
http://bugs.gentoo.org/show_bug.cgi?id=293497
http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
https://bugzilla.redhat.com/show_bug.cgi?id=538459
oval:org.mitre.oval:def:8969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.