ID de Prueba:	1.3.6.1.4.1.25623.1.0.51477
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:774
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:774. Bugzilla[1] is a bug tracking system used by many software projects. Several vulnerabilities have been announced[2] and are being fixed in this update. 1. SQL injection in collectstats.pl [3] An user with 'editproducts' privileges (usually an administrator) can select arbitrary SQL commands to be run by the nightly statistics cron job (collectstats.pl) by giving a product a carefully crafted name. 2. SQL injection in editkeywords [4] An user with 'editkeywords' privileges (usually an administrator) can inject arbitrary SQL commands via the URL used to edit an existing keyword. 3. Privilege mishandling [5] When deleting products and the 'usebuggroups' parameter is on, the privilege which allows someone to add people to the group which is being deleted does not get removed, allowing users with that privilege to get that privilege for the next group that is created which reuses that group ID. This only allows someone who had been granted privileges in the past to retain them. 4. Information leak [6] If the email address of someone who has voted on a restricted ticket is known, the script_summary( of that ticket can be accessed by users which would usually have no such privileges. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:774 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.