ID de Prueba:	1.3.6.1.4.1.25623.1.0.11312
Categoría:	Gain root remotely
Título:	DHCP server overflow / format string bug
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running a DHCP server. If the remote server is ISC-DHCPd, make sure you are running the latest version, as several flaws affect older versions and may allow an attacker to gain root on this host *** Note that Nessus did not check for the presence of the *** flaws, so this might be a false positive See also : http://www.cert.org/advisories/CA-2003-01.html http://www.cert.org/advisories/CA-2002-12.html Risk factor : High
Referencia Cruzada:	BugTraq ID: 4701 BugTraq ID: 6627 BugTraq ID: 6628 BugTraq ID: 11591 Common Vulnerability Exposure (CVE) ID: CVE-2003-0026 http://www.securityfocus.com/bid/6627 Bugtraq: 20030122 [securityslackware.com: [slackware-security] New DHCP packages available] (Google Search) http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html http://www.cert.org/advisories/CA-2003-01.html CERT/CC vulnerability note: VU#284857 http://www.kb.cert.org/vuls/id/284857 Computer Incident Advisory Center Bulletin: N-031 http://www.ciac.org/ciac/bulletins/n-031.shtml Conectiva Linux advisory: CLA-2003:562 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562 Debian Security Information: DSA-231 (Google Search) http://www.debian.org/security/2003/dsa-231 http://www.mandriva.com/security/advisories?name=MDKSA-2003:007 http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html http://www.redhat.com/support/errata/RHSA-2003-011.html http://www.securitytracker.com/id?1005924 SuSE Security Announcement: SuSE-SA:2003:0006 (Google Search) http://www.suse.com/de/security/2003_006_dhcp.html SuSE Security Announcement: SuSE-SA:2003:006 (Google Search) XForce ISS Database: dhcpd-minires-multiple-bo(11073) https://exchange.xforce.ibmcloud.com/vulnerabilities/11073 Common Vulnerability Exposure (CVE) ID: CVE-2002-0702 http://www.securityfocus.com/bid/4701 Bugtraq: 20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise (Google Search) http://marc.info/?l=bugtraq&m=102089498828206&w=2 Caldera Security Advisory: CSSA-2002-028.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt http://www.cert.org/advisories/CA-2002-12.html CERT/CC vulnerability note: VU#854315 http://www.kb.cert.org/vuls/id/854315 Conectiva Linux advisory: CLA-2002:483 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php SuSE Security Announcement: SuSE-SA:2002:019 (Google Search) http://www.novell.com/linux/security/advisories/2002_19_dhcp.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html http://www.iss.net/security_center/static/9039.php Common Vulnerability Exposure (CVE) ID: CVE-2003-0039 http://www.securityfocus.com/bid/6628 Bugtraq: 20030115 DoS against DHCP infrastructure with isc dhcrelay (Google Search) http://marc.info/?l=bugtraq&m=104310927813830&w=2 Bugtraq: 20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd) (Google Search) http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html CERT/CC vulnerability note: VU#149953 http://www.kb.cert.org/vuls/id/149953 Conectiva Linux advisory: CLSA-2003:616 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616 Debian Security Information: DSA-245 (Google Search) http://www.debian.org/security/2003/dsa-245 http://www.redhat.com/support/errata/RHSA-2003-034.html TurboLinux Advisory: TLSA-2003-26 http://cc.turbolinux.com/security/TLSA-2003-26.txt XForce ISS Database: dhcp-dhcrelay-dos(11187) https://exchange.xforce.ibmcloud.com/vulnerabilities/11187
Copyright	This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.