Test ID:	1.3.6.1.4.1.25623.1.0.57548
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-367-1 (pike7.6)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to pike7.6 announced via advisory USN-367-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service. Please refer to http://www.ubuntu.com/usn/usn-288-1 for more detailled information. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: pike7.6-pg 7.6.13-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-367-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4041 BugTraq ID: 19367 http://www.securityfocus.com/bid/19367 http://security.gentoo.org/glsa/glsa-200608-10.xml http://secunia.com/advisories/20494 http://secunia.com/advisories/21362 http://secunia.com/advisories/22481 http://www.ubuntu.com/usn/usn-367-1 http://www.vupen.com/english/advisories/2006/2209 XForce ISS Database: pike-sql-injection(26992) https://exchange.xforce.ibmcloud.com/vulnerabilities/26992
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.