ID de Prueba:	1.3.6.1.4.1.25623.1.0.122636
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2007-0555)
Resumen:	The remote host is missing an update for the 'pam' package(s) announced via the ELSA-2007-0555 advisory.
Descripción:	Summary: The remote host is missing an update for the 'pam' package(s) announced via the ELSA-2007-0555 advisory. Vulnerability Insight: [0.99.6.2-3.26] - removed realtime default limits (#240123) from the package as it caused regression on machines with nonexistent realtime group [0.99.6.2-3.25] - added and improved translations (#219124) - adjusted the default limits for realtime users (#240123) [0.99.6.2-3.23] - pam_unix: truncated MD5 passwords in shadow shouldn't match (#219258) - pam_limits: add limits.d support (#232700) - pam_limits, pam_time, pam_access: add auditing of failed logins (#232993) - pam_namespace: expand /home/ksharma even when appended with text (#237163) original patch by Ted X. Toth - add some default limits for users in realtime group (#240123) - CVE-2007-3102 - prevent audit log injection through user name (#243204) [0.99.6.2-3.22] - make unix_update helper executable only by root as it isn't useful for regular user anyway [0.99.6.2-3.21] - pam_namespace: better document behavior on failure (#237249) - pam_unix: split out passwd change to a new helper binary (#236316) [0.99.6.2-3.19] - pam_selinux: improve context change auditing (#234781) [0.99.6.2-3.18] - pam_console: always decrement use count (#233581) - pam_namespace: fix parsing config file with unknown users (#234513) [0.99.6.2-3.17] - pam_namespace: unmount poly dir for override users (#229689) - pam_namespace: use raw context for poly dir name (#227345) - pam_namespace: truncate long poly dir name (append hash) (#230120) [0.99.6.2-3.15] - correctly relabel tty in the default case (#229542) Affected Software/OS: 'pam' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1716 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://osvdb.org/37271 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483 http://www.redhat.com/support/errata/RHSA-2007-0465.html http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/errata/RHSA-2007-0737.html http://secunia.com/advisories/25631 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27590 http://secunia.com/advisories/27706 http://secunia.com/advisories/28319 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.vupen.com/english/advisories/2007/3229 Common Vulnerability Exposure (CVE) ID: CVE-2007-3102 BugTraq ID: 26097 http://www.securityfocus.com/bid/26097 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html https://bugzilla.redhat.com/show_bug.cgi?id=248059 http://osvdb.org/39214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124 http://www.redhat.com/support/errata/RHSA-2007-0540.html http://www.redhat.com/support/errata/RHSA-2007-0703.html http://secunia.com/advisories/27235 http://secunia.com/advisories/27588 http://secunia.com/advisories/28320
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.