English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 61204 CVE Beschreibungen
und 32582 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.53408
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 146-2 (dietlibc)
Zusammenfassung:Debian Security Advisory DSA 146-2 (dietlibc)
Beschreibung:The remote host is missing an update to dietlibc
announced via advisory DSA 146-2.

The upstream author of dietlibc, Felix von Leitner, discovered a
potential division by zero chance in the fwrite and calloc integer
overflow checks, which are fixed in the version below.

The new version includes fixes from DSA 146-1. For completness we
enclose the text of the other advisory:

An integer overflow bug has been discovered in the RPC library
used by dietlibc, a libc optimized for small size, which is
derived from the SunRPC library. This bug could be exploited to
gain unauthorized root access to software linking to this code.
The packages below also fix integer overflows in the calloc, fread
and fwrite code. They are also more strict regarding hostile DNS
packets that could lead to a vulnerability otherwise.

This problem has been fixed in version 0.12-2.4 for the current stable
distribution (woody) and in version 0.20-0cvs20020808 for the unstable
distribution (sid). Debian 2.2 (potato) is not affected since it
doesn't contain dietlibc packages.

We recommend that you upgrade your dietlibc packages immediately.


Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%20146-2
Querverweis: BugTraq ID: 5356
Common Vulnerability Exposure (CVE) ID: CVE-2002-0391
ISS Security Advisory: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Bugtraq: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2
Bugtraq: 20020801 RPC analysis (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2
Bugtraq: 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2
http://www.cert.org/advisories/CA-2002-25.html
CERT/CC vulnerability note: VU#192995
http://www.kb.cert.org/vuls/id/192995
AIX APAR: IY34194
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Caldera Security Advisory: CSSA-2002-055.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
Conectiva Linux advisory: CLA-2002:515
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Conectiva Linux advisory: CLA-2002:535
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Debian Security Information: DSA-142 (Google Search)
http://www.debian.org/security/2002/dsa-142
Debian Security Information: DSA-143 (Google Search)
http://www.debian.org/security/2002/dsa-143
Debian Security Information: DSA-146 (Google Search)
http://www.debian.org/security/2002/dsa-146
Debian Security Information: DSA-149 (Google Search)
http://www.debian.org/security/2002/dsa-149
Debian Security Information: DSA-333 (Google Search)
http://www.debian.org/security/2003/dsa-333
En Garde Linux Advisory: ESA-20021003-021
http://www.linuxsecurity.com/advisories/other_advisory-2399.html
FreeBSD Security Advisory: FreeBSD-SA-02:34.rpc
http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2
HPdes Security Advisory: HPSBTL0208-061
http://online.securityfocus.com/advisories/4402
HPdes Security Advisory: HPSBUX0209-215
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
Microsoft Security Bulletin: MS02-057
http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
NETBSD Security Advisory: NetBSD-SA2002-011
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
RedHat Security Advisories: RHSA-2002:166
http://rhn.redhat.com/errata/RHSA-2002-166.html
http://www.redhat.com/support/errata/RHSA-2003-168.html
RedHat Security Advisories: RHSA-2002:172
http://rhn.redhat.com/errata/RHSA-2002-172.html
http://www.redhat.com/support/errata/RHSA-2002-173.html
http://www.redhat.com/support/errata/RHSA-2002-167.html
http://www.redhat.com/support/errata/RHSA-2003-212.html
SGI Security Advisory: 20020801-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
SGI Security Advisory: 20020801-01-P
SuSE Security Announcement: SuSE-SA:2002:031 (Google Search)
Bugtraq: 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Bugtraq: 20020802 kerberos rpc xdr_array (Google Search)
http://online.securityfocus.com/archive/1/285740
Bugtraq: 20020909 GLSA: glibc (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=103158632831416&w=2
http://www.iss.net/security_center/static/9170.php
http://www.securityfocus.com/bid/5356
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:42
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4728
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.