Test ID: | 1.3.6.1.4.1.25623.1.0.50543 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2004:061 (dhcp) |
Summary: | NOSUMMARY |
Description: |
The remote host is missing an update to dhcp announced via advisory MDKSA-2004:061.

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable server with the permissions of the user running DHCPD, which is usually root.

A similar vulnerability also exists in the way ISC's DHCPD makes use of the vsnprintf() function on systems that do not support vsnprintf(). This vulnerability could also be used to execute arbitrary code and/or perform a DoS attack. The vsnprintf() statements that have this problem are defined after the vulnerable code noted above, which would trigger the previous problem rather than this one.

Thanks to Gregory Duchemin and Solar Designer for discovering these flaws.

The updated packages contain 3.0.1rc14, which is not vulnerable to these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to these issues.

Affected versions: 10.0, 9.2

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0461
http://www.kb.cert.org/vuls/id/317350
http://www.kb.cert.org/vuls/id/654390

Risk factor: Critical
CVSS Score: 10.0 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0460
BugTraq ID: 10590 http://www.securityfocus.com/bid/10590
Bugtraq: 20040622 DHCP Vuln // no code 0day // http://marc.info/?l=bugtraq&m=108795911203342&w=2
Bugtraq: 20040628 ISC DHCP overflows http://marc.info/?l=bugtraq&m=108843959502356&w=2
Bugtraq: 20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd) http://marc.info/?l=bugtraq&m=108938625206063&w=2
Cert/CC Advisory: TA04-174A http://www.us-cert.gov/cas/techalerts/TA04-174A.html
CERT/CC vulnerability note: VU#317350 http://www.kb.cert.org/vuls/id/317350
http://www.mandriva.com/security/advisories?name=MDKSA-2004:061
http://secunia.com/advisories/23265
SuSE Security Announcement: SuSE-SA:2004:019 http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html
XForce ISS Database: dhcp-ascii-log-bo(16475) https://exchange.xforce.ibmcloud.com/vulnerabilities/16475

Common Vulnerability Exposure (CVE) ID: CVE-2004-0461
BugTraq ID: 10591 http://www.securityfocus.com/bid/10591
CERT/CC vulnerability note: VU#654390 http://www.kb.cert.org/vuls/id/654390
XForce ISS Database: dhcp-c-include-bo(16476) https://exchange.xforce.ibmcloud.com/vulnerabilities/16476 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |