Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:050 (glibc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50826

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:050 (glibc)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to glibc
announced via advisory MDKSA-2002:050.

A buffer overflow vulnerability was found in the way that the glibc
resolver handles the resolution of network names and addresses via DNS
in glibc versions 2.2.5 and earlier. Only systems using the dns
entry in the networks database in /etc/nsswitch.conf are vulnerable
to this issue. By default, Mandrake Linux has this database set to
files and is not vulnerable. Likewise, a similar bug is in the
glibc-compat packages which provide compatability for programs compiled
against 2.0.x versions of glibc.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1,
Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-0684
Bugtraq: 20020704 Re: Remote buffer overflow in resolver code of libc (Google Search)
http://marc.info/?l=bugtraq&m=102581482511612&w=2
http://www.cert.org/advisories/CA-2002-19.html
CERT/CC vulnerability note: VU#542971
http://www.kb.cert.org/vuls/id/542971
Conectiva Linux advisory: CLSA-2002:507
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
RedHat Security Advisories: RHSA-2002:139
http://rhn.redhat.com/errata/RHSA-2002-139.html
SuSE Security Announcement: SuSE-SA:2002:026 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2002-0651
AIX APAR: IY32719
http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
AIX APAR: IY32746
BugTraq ID: 5100
http://www.securityfocus.com/bid/5100
Bugtraq: 20020626 Remote buffer overflow in resolver code of libc (Google Search)
http://marc.info/?l=bugtraq&m=102513011311504&w=2
Bugtraq: 20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) (Google Search)
http://marc.info/?l=bugtraq&m=102579743329251&w=2
Caldera Security Advisory: CSSA-2002-SCO.37
ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
Caldera Security Advisory: CSSA-2002-SCO.39
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
CERT/CC vulnerability note: VU#803539
http://www.kb.cert.org/vuls/id/803539
En Garde Linux Advisory: ESA-20020724-018
http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
FreeBSD Security Advisory: FreeBSD-SA-02:28
http://marc.info/?l=bugtraq&m=102520962320134&w=2
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
http://www.pine.nl/advisories/pine-cert-20020601.txt
NETBSD Security Advisory: NetBSD-SA2002-006
ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190
http://www.redhat.com/support/errata/RHSA-2002-119.html
http://www.redhat.com/support/errata/RHSA-2002-133.html
http://www.redhat.com/support/errata/RHSA-2002-167.html
http://www.redhat.com/support/errata/RHSA-2003-154.html
SGI Security Advisory: 20020701-01-I
ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
http://www.iss.net/security_center/static/9432.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50826
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:050 (glibc)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to glibc announced via advisory MDKSA-2002:050. A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the dns entry in the networks database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to files and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0684 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0684 Bugtraq: 20020704 Re: Remote buffer overflow in resolver code of libc (Google Search) http://marc.info/?l=bugtraq&m=102581482511612&w=2 http://www.cert.org/advisories/CA-2002-19.html CERT/CC vulnerability note: VU#542971 http://www.kb.cert.org/vuls/id/542971 Conectiva Linux advisory: CLSA-2002:507 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php RedHat Security Advisories: RHSA-2002:139 http://rhn.redhat.com/errata/RHSA-2002-139.html SuSE Security Announcement: SuSE-SA:2002:026 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2002-0651 AIX APAR: IY32719 http://archives.neohapsis.com/archives/aix/2002-q3/0001.html AIX APAR: IY32746 BugTraq ID: 5100 http://www.securityfocus.com/bid/5100 Bugtraq: 20020626 Remote buffer overflow in resolver code of libc (Google Search) http://marc.info/?l=bugtraq&m=102513011311504&w=2 Bugtraq: 20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) (Google Search) http://marc.info/?l=bugtraq&m=102579743329251&w=2 Caldera Security Advisory: CSSA-2002-SCO.37 ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Caldera Security Advisory: CSSA-2002-SCO.39 ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 CERT/CC vulnerability note: VU#803539 http://www.kb.cert.org/vuls/id/803539 En Garde Linux Advisory: ESA-20020724-018 http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html FreeBSD Security Advisory: FreeBSD-SA-02:28 http://marc.info/?l=bugtraq&m=102520962320134&w=2 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php http://www.pine.nl/advisories/pine-cert-20020601.txt NETBSD Security Advisory: NetBSD-SA2002-006 ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190 http://www.redhat.com/support/errata/RHSA-2002-119.html http://www.redhat.com/support/errata/RHSA-2002-133.html http://www.redhat.com/support/errata/RHSA-2002-167.html http://www.redhat.com/support/errata/RHSA-2003-154.html SGI Security Advisory: 20020701-01-I ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/ http://www.iss.net/security_center/static/9432.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com