ID de Prueba:	1.3.6.1.4.1.25623.1.0.51488
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:794
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:794. rsync[1] is a program used mainly to mirror files between remote sites. rsync versions prior to 2.5.7 have a heap buffer overflow vulnerability[2] which can be exploited by remote attackers to execute arbitrary code. This vulnerability specially affects installations where rsync is used as a server/daemon, that is, where it was started with the --daemon command line argument. A new rsync version, 2.5.7, was released by the authors to address this vulnerability. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:794 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9153 Common Vulnerability Exposure (CVE) ID: CVE-2003-0962 http://www.securityfocus.com/bid/9153 Bugtraq: 20031204 GLSA: exploitable heap overflow in rsync (200312-03) (Google Search) http://marc.info/?l=bugtraq&m=107056923528423&w=2 Bugtraq: 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync) (Google Search) http://marc.info/?l=bugtraq&m=107055702911867&w=2 Bugtraq: 20031204 rsync security advisory (fwd) (Google Search) http://marc.info/?l=bugtraq&m=107055681311602&w=2 CERT/CC vulnerability note: VU#325603 http://www.kb.cert.org/vuls/id/325603 Conectiva Linux advisory: CLA-2003:794 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794 Debian Security Information: DSA-404 (Google Search) En Garde Linux Advisory: ESA-20031204-032 Immunix Linux Advisory: IMNX-2003-73-001-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:111 http://www.osvdb.org/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415 http://www.redhat.com/support/errata/RHSA-2003-398.html http://secunia.com/advisories/10353 http://secunia.com/advisories/10354 http://secunia.com/advisories/10355 http://secunia.com/advisories/10356 http://secunia.com/advisories/10357 http://secunia.com/advisories/10358 http://secunia.com/advisories/10359 http://secunia.com/advisories/10360 http://secunia.com/advisories/10361 http://secunia.com/advisories/10362 http://secunia.com/advisories/10363 http://secunia.com/advisories/10364 http://secunia.com/advisories/10378 http://secunia.com/advisories/10474 SGI Security Advisory: 20031202-01-U ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U SuSE Security Announcement: SuSE-SA:2003:050 (Google Search) http://marc.info/?l=bugtraq&m=107055684711629&w=2 XForce ISS Database: linux-rsync-heap-overflow(13899) https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.