Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-513)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120538

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-513)

Resumen: The remote host is missing an update announced via the referenced Security Advisory.

Descripción: Summary:
The remote host is missing an update announced via the referenced Security Advisory.

Vulnerability Insight:
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781 )It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423 )

Solution:
Run yum update glibc to update your system.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1781
BugTraq ID: 74255
http://www.securityfocus.com/bid/74255
Debian Security Information: DSA-3480 (Google Search)
http://www.debian.org/security/2016/dsa-3480
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
https://security.gentoo.org/glsa/201602-02
https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html
RedHat Security Advisories: RHSA-2015:0863
https://rhn.redhat.com/errata/RHSA-2015-0863.html
http://www.securitytracker.com/id/1032178
SuSE Security Announcement: SUSE-SU-2015:1424 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
Common Vulnerability Exposure (CVE) ID: CVE-2013-7423
BugTraq ID: 72844
http://www.securityfocus.com/bid/72844
http://seclists.org/fulldisclosure/2021/Sep/0
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
http://www.openwall.com/lists/oss-security/2015/01/28/20
http://rhn.redhat.com/errata/RHSA-2015-0863.html
RedHat Security Advisories: RHSA-2016:1207
https://access.redhat.com/errata/RHSA-2016:1207
SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
http://www.ubuntu.com/usn/USN-2519-1

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120538
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-513)
Resumen:	The remote host is missing an update announced via the referenced Security Advisory.
Descripción:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781 )It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423 ) Solution: Run yum update glibc to update your system. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1781 BugTraq ID: 74255 http://www.securityfocus.com/bid/74255 Debian Security Information: DSA-3480 (Google Search) http://www.debian.org/security/2016/dsa-3480 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html https://security.gentoo.org/glsa/201602-02 https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html RedHat Security Advisories: RHSA-2015:0863 https://rhn.redhat.com/errata/RHSA-2015-0863.html http://www.securitytracker.com/id/1032178 SuSE Security Announcement: SUSE-SU-2015:1424 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 Common Vulnerability Exposure (CVE) ID: CVE-2013-7423 BugTraq ID: 72844 http://www.securityfocus.com/bid/72844 http://seclists.org/fulldisclosure/2021/Sep/0 http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://www.openwall.com/lists/oss-security/2015/01/28/20 http://rhn.redhat.com/errata/RHSA-2015-0863.html RedHat Security Advisories: RHSA-2016:1207 https://access.redhat.com/errata/RHSA-2016:1207 SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://www.ubuntu.com/usn/USN-2519-1
Copyright	Copyright (C) 2015 Eero Volotinen