
Test ID: 1.3.6.1.4.1.25623.1.1.10.2017.0390
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2017-0390)
Summary: The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2017-0390 advisory.
Description:
Summary:
The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2017-0390 advisory.

Vulnerability Insight:
This update provides the virtualbox 5.1.30 maintenance release, fixing
security and other issues:

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad
parameters for a DHE or ECDHE key exchange then this can result in
the client attempting to dereference a NULL pointer leading to a
client crash. This could be exploited in a Denial of Service attack
(CVE-2017-3730).

OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds
read when using a specific cipher. By sending specially crafted truncated
packets, a remote attacker could exploit this vulnerability using
CHACHA20/POLY1305 to cause the application to crash (CVE-2017-3731).

OpenSSL could allow a remote attacker to obtain sensitive information,
caused by a propagation error in the BN_mod_exp() function. An attacker
could exploit this vulnerability to obtain information about the private
key (CVE-2017-3732).

During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa)
then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on
ciphersuite). Both clients and servers are affected (CVE-2017-3733).

A local user can exploit a flaw in the Oracle VM VirtualBox Core component
to partially access data, partially modify data, and deny service
(CVE-2017-10392, CVE-2017-10407, CVE-2017-10408).

A local user can exploit a flaw in the Oracle VM VirtualBox Core component
to partially access data, partially modify data, and partially deny service
(CVE-2017-10428).

For other fixes in this update see the referenced changelog.

Affected Software/OS:
'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-10392
BugTraq ID: 101368
http://www.securityfocus.com/bid/101368
http://www.securitytracker.com/id/1039599
Common Vulnerability Exposure (CVE) ID: CVE-2017-10407
BugTraq ID: 101370
http://www.securityfocus.com/bid/101370
Common Vulnerability Exposure (CVE) ID: CVE-2017-10408
BugTraq ID: 101371
http://www.securityfocus.com/bid/101371
Common Vulnerability Exposure (CVE) ID: CVE-2017-10428
BugTraq ID: 101362
http://www.securityfocus.com/bid/101362
Common Vulnerability Exposure (CVE) ID: CVE-2017-2730
Common Vulnerability Exposure (CVE) ID: CVE-2017-3731
BugTraq ID: 95813
http://www.securityfocus.com/bid/95813
Debian Security Information: DSA-3773
http://www.debian.org/security/2017/dsa-3773
FreeBSD Security Advisory: FreeBSD-SA-17:02
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
https://security.gentoo.org/glsa/201702-07
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
RedHat Security Advisories: RHSA-2017:0286
http://rhn.redhat.com/errata/RHSA-2017-0286.html
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187
http://www.securitytracker.com/id/1037717
Common Vulnerability Exposure (CVE) ID: CVE-2017-3732
BugTraq ID: 95814
http://www.securityfocus.com/bid/95814
https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
Common Vulnerability Exposure (CVE) ID: CVE-2017-3733
BugTraq ID: 96269
http://www.securityfocus.com/bid/96269
https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2
http://www.securitytracker.com/id/1037846
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.