Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:099-1 (openafs)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.66483

Kategorie: Mandrake Local Security Checks

Titel: Mandriva Security Advisory MDVSA-2009:099-1 (openafs)

Zusammenfassung: The remote host is missing an update to openafs;announced via advisory MDVSA-2009:099-1.

Beschreibung: Summary:
The remote host is missing an update to openafs
announced via advisory MDVSA-2009:099-1.

Vulnerability Insight:
Multiple vulnerabilities has been found and corrected in openafs:

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and
1.5.0 through 1.5.58 on Linux allows remote attackers to cause a
denial of service (system crash) via an RX response with a large
error-code value that is interpreted as a pointer and dereferenced,
related to use of the ERR_PTR macro (CVE-2009-1250).

Heap-based buffer overflow in the cache manager in the client in
OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms
allows remote attackers to cause a denial of service (system crash)
or possibly execute arbitrary code via an RX response containing
more data than specified in a request, related to use of XDR arrays
(CVE-2009-1251).

The updated packages have been patched to correct these issues.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1250
AIX APAR: ID71123
http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123
BugTraq ID: 34404
http://www.securityfocus.com/bid/34404
Debian Security Information: DSA-1768 (Google Search)
http://www.debian.org/security/2009/dsa-1768
http://security.gentoo.org/glsa/glsa-201101-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
http://secunia.com/advisories/34655
http://secunia.com/advisories/34684
http://secunia.com/advisories/36310
http://secunia.com/advisories/42896
http://www.vupen.com/english/advisories/2009/0984
http://www.vupen.com/english/advisories/2011/0117
Common Vulnerability Exposure (CVE) ID: CVE-2009-1251
BugTraq ID: 34407
http://www.securityfocus.com/bid/34407

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.66483
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2009:099-1 (openafs)
Zusammenfassung:	The remote host is missing an update to openafs;announced via advisory MDVSA-2009:099-1.
Beschreibung:	Summary: The remote host is missing an update to openafs announced via advisory MDVSA-2009:099-1. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in openafs: The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro (CVE-2009-1250). Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays (CVE-2009-1251). The updated packages have been patched to correct these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1250 AIX APAR: ID71123 http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123 BugTraq ID: 34404 http://www.securityfocus.com/bid/34404 Debian Security Information: DSA-1768 (Google Search) http://www.debian.org/security/2009/dsa-1768 http://security.gentoo.org/glsa/glsa-201101-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:099 http://secunia.com/advisories/34655 http://secunia.com/advisories/34684 http://secunia.com/advisories/36310 http://secunia.com/advisories/42896 http://www.vupen.com/english/advisories/2009/0984 http://www.vupen.com/english/advisories/2011/0117 Common Vulnerability Exposure (CVE) ID: CVE-2009-1251 BugTraq ID: 34407 http://www.securityfocus.com/bid/34407
Copyright	Copyright (C) 2009 E-Soft Inc.