Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:305

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51009

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:305

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:305.

Zebra an open source implementation of TCP/IP routing software.

Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
password has been enabled and a remote attacker can connect to the Zebra
telnet management port. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0795 to this issue.

Herbert Xu reported that Zebra can accept spoofed messages sent on the
kernel netlink interface by other users on the local machine. This could
lead to a local denial of service attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2003-0858 to
this issue.

Users of Zebra should upgrade to these erratum packages, which contain
a patch preventing Zebra from crashing when it receives a telnet option
delimiter without any option data, and a patch that checks that netlink
messages actually came from the kernel.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-305.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0795
Bugtraq: 20031114 Quagga remote vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=106883387304266&w=2
Debian Security Information: DSA-415 (Google Search)
http://www.debian.org/security/2004/dsa-415
http://www.redhat.com/support/errata/RHSA-2003-305.html
http://www.redhat.com/support/errata/RHSA-2003-307.html
http://secunia.com/advisories/10563
Common Vulnerability Exposure (CVE) ID: CVE-2003-0858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169
http://www.redhat.com/support/errata/RHSA-2003-315.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51009
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:305
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:305. Zebra an open source implementation of TCP/IP routing software. Jonny Robertson reported that Zebra can be remotely crashed if a Zebra password has been enabled and a remote attacker can connect to the Zebra telnet management port. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0795 to this issue. Herbert Xu reported that Zebra can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0858 to this issue. Users of Zebra should upgrade to these erratum packages, which contain a patch preventing Zebra from crashing when it receives a telnet option delimiter without any option data, and a patch that checks that netlink messages actually came from the kernel. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-305.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0795 Bugtraq: 20031114 Quagga remote vulnerability (Google Search) http://marc.info/?l=bugtraq&m=106883387304266&w=2 Debian Security Information: DSA-415 (Google Search) http://www.debian.org/security/2004/dsa-415 http://www.redhat.com/support/errata/RHSA-2003-305.html http://www.redhat.com/support/errata/RHSA-2003-307.html http://secunia.com/advisories/10563 Common Vulnerability Exposure (CVE) ID: CVE-2003-0858 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169 http://www.redhat.com/support/errata/RHSA-2003-315.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com