 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.122636 |
| Category: | Oracle Linux Local Security Checks |
| Title: | Oracle: Security Advisory (ELSA-2007-0555) |
| Summary: | The remote host is missing an update for the 'pam' package(s) announced via the ELSA-2007-0555 advisory. |
| Description: | Summary: The remote host is missing an update for the 'pam' package(s) announced via the ELSA-2007-0555 advisory. Vulnerability Insight: [0.99.6.2-3.26] - removed realtime default limits (#240123) from the package as it caused regression on machines with nonexistent realtime group [0.99.6.2-3.25] - added and improved translations (#219124) - adjusted the default limits for realtime users (#240123) [0.99.6.2-3.23] - pam_unix: truncated MD5 passwords in shadow shouldn't match (#219258) - pam_limits: add limits.d support (#232700) - pam_limits, pam_time, pam_access: add auditing of failed logins (#232993) - pam_namespace: expand /home/ksharma even when appended with text (#237163) original patch by Ted X. Toth - add some default limits for users in realtime group (#240123) - CVE-2007-3102 - prevent audit log injection through user name (#243204) [0.99.6.2-3.22] - make unix_update helper executable only by root as it isn't useful for regular user anyway [0.99.6.2-3.21] - pam_namespace: better document behavior on failure (#237249) - pam_unix: split out passwd change to a new helper binary (#236316) [0.99.6.2-3.19] - pam_selinux: improve context change auditing (#234781) [0.99.6.2-3.18] - pam_console: always decrement use count (#233581) - pam_namespace: fix parsing config file with unknown users (#234513) [0.99.6.2-3.17] - pam_namespace: unmount poly dir for override users (#229689) - pam_namespace: use raw context for poly dir name (#227345) - pam_namespace: truncate long poly dir name (append hash) (#230120) [0.99.6.2-3.15] - correctly relabel tty in the default case (#229542) Affected Software/OS: 'pam' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-1716 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://osvdb.org/37271 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483 http://www.redhat.com/support/errata/RHSA-2007-0465.html http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/errata/RHSA-2007-0737.html http://secunia.com/advisories/25631 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27590 http://secunia.com/advisories/27706 http://secunia.com/advisories/28319 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.vupen.com/english/advisories/2007/3229 Common Vulnerability Exposure (CVE) ID: CVE-2007-3102 BugTraq ID: 26097 http://www.securityfocus.com/bid/26097 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html https://bugzilla.redhat.com/show_bug.cgi?id=248059 http://osvdb.org/39214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124 http://www.redhat.com/support/errata/RHSA-2007-0540.html http://www.redhat.com/support/errata/RHSA-2007-0703.html http://secunia.com/advisories/27235 http://secunia.com/advisories/27588 http://secunia.com/advisories/28320 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |