Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:735

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51455

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:735

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:735.

Exim[1] is a popular email server (MTA).

A remote heap buffer overflow vulnerability[2] has been reported[3]
in the Exim server. Carefully constructed EHLO/HELO messages can
cause a buffer overflow. By the time this message is processed, Exim
is no longer running with administrator privileges. At this time,
this vulnerability is believed to be difficult to exploit.

Exim is not installed nor started by default on Conectiva Linux.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:735
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0743
Bugtraq: 20030901 exim remote heap overflow, probably not exploitable (Google Search)
http://marc.info/?l=bugtraq&m=106252015820395&w=2
Conectiva Linux advisory: CLA-2003:735
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735
Debian Security Information: DSA-376 (Google Search)
http://www.debian.org/security/2003/dsa-376
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html
http://marc.info/?l=vuln-dev&m=106264740820334&w=2

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51455
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:735
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:735. Exim[1] is a popular email server (MTA). A remote heap buffer overflow vulnerability[2] has been reported[3] in the Exim server. Carefully constructed EHLO/HELO messages can cause a buffer overflow. By the time this message is processed, Exim is no longer running with administrator privileges. At this time, this vulnerability is believed to be difficult to exploit. Exim is not installed nor started by default on Conectiva Linux. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:735 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0743 Bugtraq: 20030901 exim remote heap overflow, probably not exploitable (Google Search) http://marc.info/?l=bugtraq&m=106252015820395&w=2 Conectiva Linux advisory: CLA-2003:735 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735 Debian Security Information: DSA-376 (Google Search) http://www.debian.org/security/2003/dsa-376 http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html http://marc.info/?l=vuln-dev&m=106264740820334&w=2
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com