Credit:
The information has been provided by David Endler.
Analysis:
The collective security weakness of the outstanding issues listed below is staggering. The following is a list of the most serious problems for which most other Linux vendors have provided updates on their US sites. It represents the outstanding security problems associated with the limited TurboLinux distributions and updates that have been available on the US sites only. The list is by no means complete. Each entry gives the most current version of the software package available on the US servers that ships with TurboLinux 7.0, followed by the particular vulnerability's CAN or CVE ID from Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project at http://cve.mitre.org/cve, also searchable at http://icat.nist.gov.
* Apache 1.3.20 (CVE-2001-0730)
* at 3.1.8 (CAN-2002-0004)
* enscript 1.6.1 (CAN-2002-0044)
* imlib 1.9.10 (CAN-2002-0167, CAN-2002-0168)
* mod_ssl 2.8.4 (CAN-2002-0082)
* ncurses4 4.2 (CAN-2002-0062)
* OpenSSH 2.9p2 (CAN-2002-0083)
* PHP 4.0.5 (CAN-2002-0081)
* rsync 2.4.6 (CAN-2002-0048)
* sane 1.0.3 (CAN-2001-0887)
* Squid 2.3STABLE4 (CAN-2002-0067, CAN-2002-0068, CAN-2002-0069)
* sudo 1.6.3p7 (CAN-2002-0184)
* ucd-snmp 4.2.1 (CAN-2002-0012, CAN-2002-0012)
* xchat 1.6.4 (CAN-2002-0006)
* xsane 0.78 (CAN-2001-0887)
* zlib 1.1.3 (CAN-2001-0059)
Detection:
The above outstanding security issues pertain to the latest TurboLinux 6 and 7 distributions available in the US, and possibly to other earlier versions.
Vendor response:
Marjo Mercado, Director of Solutions and Support, pointed out the availability of updates on the Japanese servers. He could not provide an explanation as to why the US servers had not been synced in months.
Updated packages for the above security issues are available at:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/stable/tested/6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/stable/tested/7
And ftp://ftp.turbolinux.com/mirrors/ftp.turbolinux.co.jp/stable
Additionally, while it may be inconvenient to many non-Japanese customers, users can for the time being also get notification of new security issues, in Japanese, from http://the.turbolinux.co.jp/bugzilla/.