Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:201

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50984

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:201

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:201.

The ypserv package contains the Network Information Service (NIS) server.

A vulnerability has been discovered in the ypserv NIS server prior to
version 2.7. If a malicious client queries ypserv via TCP and subsequently
ignores the server's response, ypserv will block attempting to send the
reply. This results in ypserv failing to respond to other client requests.

Versions 2.7 and above of ypserv have been altered to fork a child for each
client request, thus preventing any one request from causing the server to
block.

Red Hat recommends that users of NIS upgrade to these packages, which
contain version 2.8.0 of ypserv and are therefore not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-201.html
http://www.linux-nis.org/nis/ypserv/ChangeLog

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0251
BugTraq ID: 8031
http://www.securityfocus.com/bid/8031
HPdes Security Advisory: HPSBTU02132
http://www.securityfocus.com/archive/1/440454/100/0/threaded
HPdes Security Advisory: SSRT061154
http://www.mandriva.com/security/advisories?name=MDKSA-2003:072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A667
http://www.redhat.com/support/errata/RHSA-2003-173.html
http://www.redhat.com/support/errata/RHSA-2003-201.html
http://securitytracker.com/id?1016517
http://secunia.com/advisories/21112
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity
TurboLinux Advisory: TLSA-2003-43
http://www.turbolinux.com/security/TLSA-2003-43.txt
http://www.vupen.com/english/advisories/2006/2873

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50984
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:201
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:201. The ypserv package contains the Network Information Service (NIS) server. A vulnerability has been discovered in the ypserv NIS server prior to version 2.7. If a malicious client queries ypserv via TCP and subsequently ignores the server's response, ypserv will block attempting to send the reply. This results in ypserv failing to respond to other client requests. Versions 2.7 and above of ypserv have been altered to fork a child for each client request, thus preventing any one request from causing the server to block. Red Hat recommends that users of NIS upgrade to these packages, which contain version 2.8.0 of ypserv and are therefore not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-201.html http://www.linux-nis.org/nis/ypserv/ChangeLog Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0251 BugTraq ID: 8031 http://www.securityfocus.com/bid/8031 HPdes Security Advisory: HPSBTU02132 http://www.securityfocus.com/archive/1/440454/100/0/threaded HPdes Security Advisory: SSRT061154 http://www.mandriva.com/security/advisories?name=MDKSA-2003:072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A667 http://www.redhat.com/support/errata/RHSA-2003-173.html http://www.redhat.com/support/errata/RHSA-2003-201.html http://securitytracker.com/id?1016517 http://secunia.com/advisories/21112 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity TurboLinux Advisory: TLSA-2003-43 http://www.turbolinux.com/security/TLSA-2003-43.txt http://www.vupen.com/english/advisories/2006/2873
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com