Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0315
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0315)
Zusammenfassung:	The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2020-0315 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2020-0315 advisory. Vulnerability Insight: Updated mumble package fixes security vulnerability: OCB2 is known to be broken under certain conditions: [link moved to references] To execute the universal attacks described in the paper, an attacker needs access to an encryption oracle that allows it to perform encryption queries with attacker-chosen nonce. Luckily in Mumble the encryption nonce is a fixed counter which is far too restrictive for the universal attacks to be feasible against Mumble. The basic attacks do not require an attacker-chosen nonce and as such are more applicable to Mumble. They are however of limited use and do require an en- and a decryption oracle which Mumble seemingly does not provide at the same time. To be on the safe side, this commit implements the counter-cryptanalysis measure described in the paper in section 9 for the sender and receiver side. This way if either server of client are patched, their communication is almost certainly (merely lacking formal proof) not susceptible to the attacks described in the paper. Fixed: Potential exploit in the OCB2 encryption (#4227) Affected Software/OS: 'mumble' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.