ID de Prueba:	1.3.6.1.4.1.25623.1.0.57251
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:139 (krb5)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to krb5 announced via advisory MDKSA-2006:139. A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege. Updated packages have been patched to correct this issue. Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:139 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3083 BugTraq ID: 19427 http://www.securityfocus.com/bid/19427 Bugtraq: 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/442599/100/0/threaded Bugtraq: 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/443498/100/100/threaded CERT/CC vulnerability note: VU#580124 http://www.kb.cert.org/vuls/id/580124 Debian Security Information: DSA-1146 (Google Search) http://www.debian.org/security/2006/dsa-1146 http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml http://security.gentoo.org/glsa/glsa-200608-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 http://www.osvdb.org/27869 http://www.osvdb.org/27870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515 http://www.redhat.com/support/errata/RHSA-2006-0612.html http://securitytracker.com/id?1016664 http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http://secunia.com/advisories/22291 SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html SuSE Security Announcement: SUSE-SR:2006:022 (Google Search) http://www.novell.com/linux/security/advisories/2006_22_sr.html http://www.ubuntu.com/usn/usn-334-1 http://www.vupen.com/english/advisories/2006/3225
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.