Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.52881
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2004-8 (wu-ftpd)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to wu-ftpd
announced via advisory TLSA-2004-8.

Wu-ftpd is the daemon (background) program which serves FTP files to ftp clients.

- wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled,
allows local users to bypass access restrictions by changing the permissions
to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
- Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2
allows remote attackers to cause a denial of service and possibly execute arbitrary code
via a s/key (SKEY) request with a long name.

The ftp users may be able to read the file which cannot be read.
The vulnerabilities allow an attacker can cause to denial of service of the wu-ftpd.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-8

Risk factor : Critical

CVSS Score:
10.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0185
BugTraq ID: 8893
http://www.securityfocus.com/bid/8893
Debian Security Information: DSA-457 (Google Search)
http://www.debian.org/security/2004/dsa-457
http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt
http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
http://www.redhat.com/support/errata/RHSA-2004-096.html
XForce ISS Database: wuftpd-skey-bo(13518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13518
Common Vulnerability Exposure (CVE) ID: CVE-2004-0148
BugTraq ID: 9832
http://www.securityfocus.com/bid/9832
http://www.frsirt.com/english/advisories/2006/1867
HPdes Security Advisory: SSRT4704
http://marc.info/?l=bugtraq&m=108999466902690&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648
SCO Security Bulletin: SCOSA-2005.6
http://secunia.com/advisories/11055
http://secunia.com/advisories/20168
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1
XForce ISS Database: wuftpd-restrictedgid-gain-access(15423)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15423
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.