Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.880801
Categoría:CentOS Local Security Checks
Título:CentOS Update for dstat CESA-2009:1619 centos5 i386
Resumen:The remote host is missing an update for the 'dstat'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'dstat'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Dstat is a versatile replacement for the vmstat, iostat, and netstat tools.
Dstat can be used for performance tuning tests, benchmarks, and
troubleshooting.

Robert Buchholz of the Gentoo Security Team reported a flaw in the Python
module search path used in dstat. If a local attacker could trick a
local user into running dstat from a directory containing a Python script
that is named like an importable module, they could execute arbitrary code
with the privileges of the user running dstat. (CVE-2009-3894)

All dstat users should upgrade to this updated package, which contains a
backported patch to correct this issue.

Affected Software/OS:
dstat on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3894
BugTraq ID: 37131
http://www.securityfocus.com/bid/37131
http://security.gentoo.org/glsa/glsa-200911-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:341
http://osvdb.org/60511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969
http://www.redhat.com/support/errata/RHSA-2009-1619.html
http://secunia.com/advisories/37445
http://secunia.com/advisories/37457
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.