Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2007:097 (xscreensaver)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58377

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2007:097 (xscreensaver)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to xscreensaver
announced via advisory MDKSA-2007:097.

A problem with the way xscreensaver verifies user passwords
was discovered by Alex Yamauchi. When a system is using remote
authentication (i.e. LDAP) for logins, a local attacker able to cause
a network outage on the system could cause xscreensaver to crash,
which would unlock the screen.

Updated packages have been patched to correct this issue.

Affected: 2007.0, 2007.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:097

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1859
BugTraq ID: 23783
http://www.securityfocus.com/bid/23783
http://security.gentoo.org/glsa/glsa-200705-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:097
http://osvdb.org/35531
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11459
http://www.redhat.com/support/errata/RHSA-2007-0322.html
http://www.securitytracker.com/id?1017996
http://secunia.com/advisories/25065
http://secunia.com/advisories/25105
http://secunia.com/advisories/25116
http://secunia.com/advisories/25118
http://secunia.com/advisories/25119
http://secunia.com/advisories/25225
http://secunia.com/advisories/25610
SuSE Security Announcement: SUSE-SR:2007:009 (Google Search)
http://www.novell.com/linux/security/advisories/2007_9_sr.html
http://www.ubuntu.com/usn/usn-474-1
XForce ISS Database: xscreensaver-getpwuid-authentication-bypass(34054)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34054

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58377
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:097 (xscreensaver)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xscreensaver announced via advisory MDKSA-2007:097. A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen. Updated packages have been patched to correct this issue. Affected: 2007.0, 2007.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:097 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1859 BugTraq ID: 23783 http://www.securityfocus.com/bid/23783 http://security.gentoo.org/glsa/glsa-200705-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:097 http://osvdb.org/35531 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11459 http://www.redhat.com/support/errata/RHSA-2007-0322.html http://www.securitytracker.com/id?1017996 http://secunia.com/advisories/25065 http://secunia.com/advisories/25105 http://secunia.com/advisories/25116 http://secunia.com/advisories/25118 http://secunia.com/advisories/25119 http://secunia.com/advisories/25225 http://secunia.com/advisories/25610 SuSE Security Announcement: SUSE-SR:2007:009 (Google Search) http://www.novell.com/linux/security/advisories/2007_9_sr.html http://www.ubuntu.com/usn/usn-474-1 XForce ISS Database: xscreensaver-getpwuid-authentication-bypass(34054) https://exchange.xforce.ibmcloud.com/vulnerabilities/34054
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com