Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:085

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50988

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:085

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:085.

Tcpdump is a command-line tool for monitoring network traffic.

The ISAKMP parser in tcpdump 3.6 through 3.7.1 allows remote attackers to
cause a denial of service (CPU consumption) via a certain malformed ISAKMP
packet to UDP port 500, which causes tcpdump to enter an infinite loop.

Users of tcpdump are advised to upgrade to these errata packages which
contain a patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-085.html
http://www.idefense.com/advisory/02.27.03.txt

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 6974
Common Vulnerability Exposure (CVE) ID: CVE-2003-0108
http://www.securityfocus.com/bid/6974
Bugtraq: 20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin (Google Search)
http://marc.info/?l=bugtraq&m=104637420104189&w=2
Bugtraq: 20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump) (Google Search)
http://marc.info/?l=bugtraq&m=104678787109030&w=2
Conectiva Linux advisory: CLA-2003:629
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
Debian Security Information: DSA-255 (Google Search)
http://www.debian.org/security/2003/dsa-255
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
http://www.idefense.com/advisory/02.27.03.txt
http://www.redhat.com/support/errata/RHSA-2003-032.html
http://www.redhat.com/support/errata/RHSA-2003-085.html
http://www.redhat.com/support/errata/RHSA-2003-214.html
SuSE Security Announcement: SuSE-SA:2003:0015 (Google Search)
http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html
http://www.iss.net/security_center/static/11434.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50988
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:085
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:085. Tcpdump is a command-line tool for monitoring network traffic. The ISAKMP parser in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. Users of tcpdump are advised to upgrade to these errata packages which contain a patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-085.html http://www.idefense.com/advisory/02.27.03.txt Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 6974 Common Vulnerability Exposure (CVE) ID: CVE-2003-0108 http://www.securityfocus.com/bid/6974 Bugtraq: 20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin (Google Search) http://marc.info/?l=bugtraq&m=104637420104189&w=2 Bugtraq: 20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump) (Google Search) http://marc.info/?l=bugtraq&m=104678787109030&w=2 Conectiva Linux advisory: CLA-2003:629 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629 Debian Security Information: DSA-255 (Google Search) http://www.debian.org/security/2003/dsa-255 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027 http://www.idefense.com/advisory/02.27.03.txt http://www.redhat.com/support/errata/RHSA-2003-032.html http://www.redhat.com/support/errata/RHSA-2003-085.html http://www.redhat.com/support/errata/RHSA-2003-214.html SuSE Security Announcement: SuSE-SA:2003:0015 (Google Search) http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html http://www.iss.net/security_center/static/11434.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com