ID de Prueba:	1.3.6.1.4.1.25623.1.0.122805
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-2623)
Resumen:	The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2623 advisory.
Descripción:	Summary: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2623 advisory. Vulnerability Insight: [2.02-0.33.0.1] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [bug 19231481] - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [bug 18504756] - Use different titles for UEK and RHCK kernels [bug 18504756] [2.02-0.33] - Don't remove 01_users, it's the wrong thing to do. Related:rhbz1290089 [2.02-0.32] - Rebuild for .z so the release number is different. Related: rhbz#1290089 [2.02-0.31] - More work on handling of GRUB2_PASSWORD Resolves: rhbz#1290089 [2.02-0.30] - Fix security issue when reading username and password Resolves: CVE-2015-8370 - Do a better job of handling GRUB_PASSWORD Resolves: rhbz#1290089 Affected Software/OS: 'grub2' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8370 BugTraq ID: 79358 http://www.securityfocus.com/bid/79358 Bugtraq: 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] (Google Search) http://www.securityfocus.com/archive/1/537115/100/0/threaded Debian Security Information: DSA-3421 (Google Search) http://www.debian.org/security/2015/dsa-3421 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html http://seclists.org/fulldisclosure/2015/Dec/69 https://security.gentoo.org/glsa/201512-03 http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html http://www.openwall.com/lists/oss-security/2015/12/15/6 http://www.openwall.com/lists/oss-security/2024/01/15/3 RedHat Security Advisories: RHSA-2015:2623 http://rhn.redhat.com/errata/RHSA-2015-2623.html http://www.securitytracker.com/id/1034422 SuSE Security Announcement: SUSE-SU-2015:2385 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html SuSE Security Announcement: SUSE-SU-2015:2386 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html SuSE Security Announcement: SUSE-SU-2015:2387 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html SuSE Security Announcement: SUSE-SU-2015:2399 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html SuSE Security Announcement: openSUSE-SU-2015:2375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html SuSE Security Announcement: openSUSE-SU-2015:2392 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html SuSE Security Announcement: openSUSE-SU-2016:0036 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html http://www.ubuntu.com/usn/USN-2836-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.