Trustix Local Security Checks : Trustix Security Advisory TSLSA-2005-0013 (cvs)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54311

Categoría: Trustix Local Security Checks

Título: Trustix Security Advisory TSLSA-2005-0013 (cvs)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory TSLSA-2005-0013.

From the NEWS file:
- Thanks to a report from Alen Zukich , several
minor security issues have been addressed. One was a buffer overflow
that is potentially serious but which may not be exploitable, assigned
CVE-2005-0753 by the Common Vulnerabilities and Exposures Project
<http://www.cve.mitre.org>. Other fixes resulting from Alen's report
include repair of an arbitrary free with no known exploit and several
plugged memory leaks and potentially freed NULL pointers which may have
been exploitable for a denial of service attack.

- Thanks to a report from Craig Monson , minor
potential vulnerabilities in the contributed Perl scripts have been
fixed. The confirmed vulnerability could allow the execution of
arbitrary code on the CVS server, but only if a user already had
commit access and if one of the contrib scripts was installed
improperly, a condition which should have been quickly visible to
any administrator. The complete description of the problem is here:
. If you were
making use of any of the contributed trigger scripts on a CVS server,
you should probably still replace them with the new versions, to be
on the safe side.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0013

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 13217
Common Vulnerability Exposure (CVE) ID: CVE-2005-0753
14976
http://secunia.com/advisories/14976/
DSA-742
http://www.debian.org/security/2005/dsa-742
GLSA-200504-16
http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml
RHSA-2005:387
http://www.redhat.com/support/errata/RHSA-2005-387.html
SUSE-SA:2005:024
http://www.novell.com/linux/security/advisories/2005_24_cvs.html
cvs-bo(20148)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20148
http://bugs.gentoo.org/attachment.cgi?id=54352&action=view
oval:org.mitre.oval:def:9688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54311
Categoría:	Trustix Local Security Checks
Título:	Trustix Security Advisory TSLSA-2005-0013 (cvs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory TSLSA-2005-0013. From the NEWS file: - Thanks to a report from Alen Zukich , several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CVE-2005-0753 by the Common Vulnerabilities and Exposures Project <http://www.cve.mitre.org>. Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. - Thanks to a report from Craig Monson , minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: . If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Solution: Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0013 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 13217 Common Vulnerability Exposure (CVE) ID: CVE-2005-0753 14976 http://secunia.com/advisories/14976/ DSA-742 http://www.debian.org/security/2005/dsa-742 GLSA-200504-16 http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml RHSA-2005:387 http://www.redhat.com/support/errata/RHSA-2005-387.html SUSE-SA:2005:024 http://www.novell.com/linux/security/advisories/2005_24_cvs.html cvs-bo(20148) https://exchange.xforce.ibmcloud.com/vulnerabilities/20148 http://bugs.gentoo.org/attachment.cgi?id=54352&action=view oval:org.mitre.oval:def:9688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com