 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.64503 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandrake Security Advisory MDVSA-2009:171 (pulseaudio) |
| Resumen: | The remote host is missing an update to pulseaudio;announced via advisory MDVSA-2009:171. |
| Descripción: | Summary: The remote host is missing an update to pulseaudio announced via advisory MDVSA-2009:171. Vulnerability Insight: A vulnerability has been found and corrected in pulseaudio: Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link (CVE-2009-1894). This update provides fixes for this vulnerability. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1894 20090717 PulseAudio local race condition privilege escalation vulnerability http://www.securityfocus.com/archive/1/505052/100/0/threaded 35721 http://www.securityfocus.com/bid/35721 35868 http://secunia.com/advisories/35868 35886 http://secunia.com/advisories/35886 35896 http://secunia.com/advisories/35896 DSA-1838 http://www.debian.org/security/2009/dsa-1838 GLSA-200907-13 http://security.gentoo.org/glsa/glsa-200907-13.xml MDVSA-2009:152 http://www.mandriva.com/security/advisories?name=MDVSA-2009:152 MDVSA-2009:171 http://www.mandriva.com/security/advisories?name=MDVSA-2009:171 USN-804-1 http://www.ubuntu.com/usn/usn-804-1 http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html http://taviso.decsystem.org/research.html http://www.akitasecurity.nl/advisory.php?id=AK20090602 https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2 https://bugzilla.redhat.com/show_bug.cgi?id=510071 pulseaudio-suid-privilege-escalation(51804) https://exchange.xforce.ibmcloud.com/vulnerabilities/51804 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |