Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-161)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120392

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-161)

Resumen: The remote host is missing an update for the 'dnsmasq' package(s) announced via the ALAS-2013-161 advisory.

Descripción: Summary:
The remote host is missing an update for the 'dnsmasq' package(s) announced via the ALAS-2013-161 advisory.

Vulnerability Insight:
It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. (CVE-2012-3411)

Affected Software/OS:
'dnsmasq' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3411
54353
http://www.securityfocus.com/bid/54353
MDVSA-2013:072
http://www.mandriva.com/security/advisories?name=MDVSA-2013:072
RHSA-2013:0276
http://rhn.redhat.com/errata/RHSA-2013-0276.html
RHSA-2013:0277
http://rhn.redhat.com/errata/RHSA-2013-0277.html
RHSA-2013:0579
http://rhn.redhat.com/errata/RHSA-2013-0579.html
[oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created
http://www.openwall.com/lists/oss-security/2012/07/12/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
https://bugzilla.redhat.com/show_bug.cgi?id=833033

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120392
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-161)
Resumen:	The remote host is missing an update for the 'dnsmasq' package(s) announced via the ALAS-2013-161 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dnsmasq' package(s) announced via the ALAS-2013-161 advisory. Vulnerability Insight: It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. (CVE-2012-3411) Affected Software/OS: 'dnsmasq' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3411 54353 http://www.securityfocus.com/bid/54353 MDVSA-2013:072 http://www.mandriva.com/security/advisories?name=MDVSA-2013:072 RHSA-2013:0276 http://rhn.redhat.com/errata/RHSA-2013-0276.html RHSA-2013:0277 http://rhn.redhat.com/errata/RHSA-2013-0277.html RHSA-2013:0579 http://rhn.redhat.com/errata/RHSA-2013-0579.html [oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created http://www.openwall.com/lists/oss-security/2012/07/12/5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0 http://www.thekelleys.org.uk/dnsmasq/CHANGELOG https://bugzilla.redhat.com/show_bug.cgi?id=833033
Copyright	Copyright (C) 2015 Greenbone AG