Test Kennung:	1.3.6.1.4.1.25623.1.0.831718
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for busybox MDVSA-2012:129 (busybox)
Zusammenfassung:	The remote host is missing an update for the 'busybox'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'busybox' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168). A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted (CVE-2011-2716). Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. Affected Software/OS: busybox on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1168 BugTraq ID: 19455 http://www.securityfocus.com/bid/19455 Debian Security Information: DSA-1149 (Google Search) http://www.debian.org/security/2006/dsa-1149 http://security.gentoo.org/glsa/glsa-200610-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:140 http://www.mandriva.com/security/advisories?name=MDVSA-2012:129 http://bugs.gentoo.org/show_bug.cgi?id=141728 https://bugzilla.redhat.com/show_bug.cgi?id=728536 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373 http://www.redhat.com/support/errata/RHSA-2006-0663.html RedHat Security Advisories: RHSA-2012:0810 http://rhn.redhat.com/errata/RHSA-2012-0810.html http://securitytracker.com/id?1016836 http://secunia.com/advisories/21427 http://secunia.com/advisories/21434 http://secunia.com/advisories/21437 http://secunia.com/advisories/21467 http://secunia.com/advisories/21880 http://secunia.com/advisories/22036 http://secunia.com/advisories/22296 http://secunia.com/advisories/22377 SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html http://www.vupen.com/english/advisories/2006/3234 XForce ISS Database: ncompress-decompress-underflow(28315) https://exchange.xforce.ibmcloud.com/vulnerabilities/28315 Common Vulnerability Exposure (CVE) ID: CVE-2011-2716 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S http://seclists.org/fulldisclosure/2020/Aug/20 45363 http://secunia.com/advisories/45363 48879 http://www.securityfocus.com/bid/48879 MDVSA-2012:129 RHSA-2012:0810 http://downloads.avaya.com/css/P8/documents/100158840 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://www.busybox.net/news.html https://bugs.busybox.net/show_bug.cgi?id=3979 https://support.t-mobile.com/docs/DOC-21994
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.