Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:017 (mod_auth

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56181

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:017 (mod_auth_ldap)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mod_auth_ldap
announced via advisory MDKSA-2006:017.

A format string flaw was discovered in the way that auth_ldap logs
information which may allow a remote attacker to execute arbitrary code
as the apache user if auth_ldap is used for authentication.

This update provides version 1.6.1 of auth_ldap which corrects the
problem. Only Corporate Server 2.1 shipped with a supported auth_ldap
package.

Affected: Corporate 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:017

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 16177
Common Vulnerability Exposure (CVE) ID: CVE-2006-0150
http://www.securityfocus.com/bid/16177
Bugtraq: 20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/421286/100/0/threaded
Debian Security Information: DSA-952 (Google Search)
http://www.debian.org/security/2006/dsa-952
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017
http://www.digitalarmaments.com/2006090173928420.html
http://www.redhat.com/support/errata/RHSA-2006-0179.html
http://securitytracker.com/id?1015456
http://secunia.com/advisories/18382
http://secunia.com/advisories/18405
http://secunia.com/advisories/18412
http://secunia.com/advisories/18568
http://www.vupen.com/english/advisories/2006/0117
XForce ISS Database: apache-authldap-format-string(24030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24030

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56181
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:017 (mod_auth_ldap)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mod_auth_ldap announced via advisory MDKSA-2006:017. A format string flaw was discovered in the way that auth_ldap logs information which may allow a remote attacker to execute arbitrary code as the apache user if auth_ldap is used for authentication. This update provides version 1.6.1 of auth_ldap which corrects the problem. Only Corporate Server 2.1 shipped with a supported auth_ldap package. Affected: Corporate 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:017 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 16177 Common Vulnerability Exposure (CVE) ID: CVE-2006-0150 http://www.securityfocus.com/bid/16177 Bugtraq: 20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability (Google Search) http://www.securityfocus.com/archive/1/421286/100/0/threaded Debian Security Information: DSA-952 (Google Search) http://www.debian.org/security/2006/dsa-952 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017 http://www.digitalarmaments.com/2006090173928420.html http://www.redhat.com/support/errata/RHSA-2006-0179.html http://securitytracker.com/id?1015456 http://secunia.com/advisories/18382 http://secunia.com/advisories/18405 http://secunia.com/advisories/18412 http://secunia.com/advisories/18568 http://www.vupen.com/english/advisories/2006/0117 XForce ISS Database: apache-authldap-format-string(24030) https://exchange.xforce.ibmcloud.com/vulnerabilities/24030
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com