Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0324)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122228

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2011-0324)

Resumen: The remote host is missing an update for the 'logwatch' package(s) announced via the ELSA-2011-0324 advisory.

Descripción: Summary:
The remote host is missing an update for the 'logwatch' package(s) announced via the ELSA-2011-0324 advisory.

Vulnerability Insight:
[7.3.6-49]
- Added fix for CVE-2011-1018: Privilege escalation due improper
sanitization of special characters in log file names
Resolves: #680304

Affected Software/OS:
'logwatch' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1018
1025165
http://www.securitytracker.com/id?1025165
43356
http://secunia.com/advisories/43356
43495
http://secunia.com/advisories/43495
43622
http://secunia.com/advisories/43622
43644
http://secunia.com/advisories/43644
43734
http://secunia.com/advisories/43734
46554
http://www.securityfocus.com/bid/46554
ADV-2011-0533
http://www.vupen.com/english/advisories/2011/0533
ADV-2011-0581
http://www.vupen.com/english/advisories/2011/0581
ADV-2011-0596
http://www.vupen.com/english/advisories/2011/0596
DSA-2182
http://www.debian.org/security/2011/dsa-2182
FEDORA-2011-2318
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html
FEDORA-2011-2328
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html
FEDORA-2011-2396
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055617.html
RHSA-2011:0324
http://www.redhat.com/support/errata/RHSA-2011-0324.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1078-1
http://www.ubuntu.com/usn/USN-1078-1
[Logwatch-devel] 20110216 Remote command execution issue with root privileges
http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel
[oss-security] 20110224 CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names
http://www.openwall.com/lists/oss-security/2011/02/24/13
[oss-security] 20110224 Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names
http://www.openwall.com/lists/oss-security/2011/02/24/15
http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26
http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824
https://bugzilla.redhat.com/show_bug.cgi?id=680237

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122228
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2011-0324)
Resumen:	The remote host is missing an update for the 'logwatch' package(s) announced via the ELSA-2011-0324 advisory.
Descripción:	Summary: The remote host is missing an update for the 'logwatch' package(s) announced via the ELSA-2011-0324 advisory. Vulnerability Insight: [7.3.6-49] - Added fix for CVE-2011-1018: Privilege escalation due improper sanitization of special characters in log file names Resolves: #680304 Affected Software/OS: 'logwatch' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1018 1025165 http://www.securitytracker.com/id?1025165 43356 http://secunia.com/advisories/43356 43495 http://secunia.com/advisories/43495 43622 http://secunia.com/advisories/43622 43644 http://secunia.com/advisories/43644 43734 http://secunia.com/advisories/43734 46554 http://www.securityfocus.com/bid/46554 ADV-2011-0533 http://www.vupen.com/english/advisories/2011/0533 ADV-2011-0581 http://www.vupen.com/english/advisories/2011/0581 ADV-2011-0596 http://www.vupen.com/english/advisories/2011/0596 DSA-2182 http://www.debian.org/security/2011/dsa-2182 FEDORA-2011-2318 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html FEDORA-2011-2328 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html FEDORA-2011-2396 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055617.html RHSA-2011:0324 http://www.redhat.com/support/errata/RHSA-2011-0324.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1078-1 http://www.ubuntu.com/usn/USN-1078-1 [Logwatch-devel] 20110216 Remote command execution issue with root privileges http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel [oss-security] 20110224 CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names http://www.openwall.com/lists/oss-security/2011/02/24/13 [oss-security] 20110224 Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names http://www.openwall.com/lists/oss-security/2011/02/24/15 http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26 http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824 https://bugzilla.redhat.com/show_bug.cgi?id=680237
Copyright	Copyright (C) 2015 Greenbone AG