Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:003 (dhcpcd)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50665

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:003 (dhcpcd)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to dhcpcd
announced via advisory MDKSA-2003:003.

A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP
client daemon. dhcpcd has the ability to execute an external script
named dhcpcd-.exe when an IP address is assigned to that
network interface. The script sources the file
/var/lib/dhcpcd/dhcpcd-.info which contains shell variables
and DHCP assignment information. The way quotes are handled inside
these assignments is flawed, and a malicious DHCP server can execute
arbitrary shell commands on the vulnerable DHCP client system. This
can also be exploited by an attacker able to spoof DHCP responses.

Mandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file
and encourages all users to upgrade immediately. Please note that
when you do upgrade, you will have to restart the network for the
changes to take proper effect by issuing service network restart
as root.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Multi Network Firewall 8.2,

Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:003
http://www.phystech.com/download/dhcdcd_changelog.html

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50665
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:003 (dhcpcd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to dhcpcd announced via advisory MDKSA-2003:003. A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. This can also be exploited by an attacker able to spoof DHCP responses. Mandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file and encourages all users to upgrade immediately. Please note that when you do upgrade, you will have to restart the network for the changes to take proper effect by issuing service network restart as root. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Multi Network Firewall 8.2, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:003 http://www.phystech.com/download/dhcdcd_changelog.html Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com