SecurityLex.Org
  Home My IP SecCon Glossary Vulnerability Tests Sans/FBI Top 20 Top 10 Ipfilter Recent Vulnerabilities Today's news Web Host Check 

VulnTests
SecureScout Testcase
eEye Retina RTH
Nessus Plugin ID
nCircle Sans CVE's
Dragonsoft Vuln ID
CVE Entries
Search CVSS vectors 
CVSS Base score between    and
Access Vector Confidentiality Impact
Access Complexity Integrity Impact
Authentification Availability Impact
Impact Bias

Your search for "22557" returned:
Nessus Plugin ID: 22557Name: [DSA1015] DSA-1015-1 sendmail
CVE References: CVE-2006-0058 (cve.mitre.org, nvd.nist.gov
SANS/FBI TOP20 Reference:
Group/Family: Debian Local Security Checks
Risk: High
Description: Synopsis :

The remote host is missing the DSA-1015 security update

Description :

Mark Dowd discovered a flaw in the handling of asynchronous signals in
sendmail, a powerful, efficient, and scalable mail transport agent.
This allows a remote attacker to exploit a race condition to
execute arbitrary code as root.
For the old stable distribution (woody) this problem has been fixed in
version 8.12.3-7.2.
For the stable distribution (sarge) this problem has been fixed in
version 8.13.4-3sarge1.

See also :

http://www.debian.org/security/2006/dsa-1015

Solution :

The Debian project recommends that you upgrade your sendmail package immediately.

/ CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
Created: 2009-01-02 15:53:19Last Changed: 2009-07-31 01:54:55
 
 The Complete Lexicon to Security