Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:209 (pam

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61703

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:209 (pam_krb5)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to pam_krb5
announced via advisory MDVSA-2008:209.

StÃ©phane Bertin discovered a flaw in the pam_krb5 existing_ticket
configuration option where, if enabled and using an existing credential
cache, it was possible for a local user to gain elevated privileges
by using a different, local user's credential cache (CVE-2008-3825).

The updated packages have been patched to prevent this issue.

Affected: 2007.1, 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:209

Risk factor : Medium

CVSS Score:
4.4

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3825
1020978
http://www.securitytracker.com/id?1020978
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
31534
http://www.securityfocus.com/bid/31534
32119
http://secunia.com/advisories/32119
32135
http://secunia.com/advisories/32135
32174
http://secunia.com/advisories/32174
43314
http://secunia.com/advisories/43314
FEDORA-2008-8605
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html
FEDORA-2008-8618
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html
MDVSA-2008:209
http://www.mandriva.com/security/advisories?name=MDVSA-2008:209
RHSA-2008:0907
http://www.redhat.com/support/errata/RHSA-2008-0907.html
SUSE-SR:2008:027
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=461960
oval:org.mitre.oval:def:10923
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923
pamkrb5-existingticket-privilege-escalation(45635)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45635

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61703
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:209 (pam_krb5)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pam_krb5 announced via advisory MDVSA-2008:209. StÃ©phane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache (CVE-2008-3825). The updated packages have been patched to prevent this issue. Affected: 2007.1, 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:209 Risk factor : Medium CVSS Score: 4.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3825 1020978 http://www.securitytracker.com/id?1020978 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 31534 http://www.securityfocus.com/bid/31534 32119 http://secunia.com/advisories/32119 32135 http://secunia.com/advisories/32135 32174 http://secunia.com/advisories/32174 43314 http://secunia.com/advisories/43314 FEDORA-2008-8605 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html FEDORA-2008-8618 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html MDVSA-2008:209 http://www.mandriva.com/security/advisories?name=MDVSA-2008:209 RHSA-2008:0907 http://www.redhat.com/support/errata/RHSA-2008-0907.html SUSE-SR:2008:027 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=461960 oval:org.mitre.oval:def:10923 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923 pamkrb5-existingticket-privilege-escalation(45635) https://exchange.xforce.ibmcloud.com/vulnerabilities/45635
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com