Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:224

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51224

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2002:224

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2002:224.

Updated ypserv packages which fix a memory leak are now available for Red
Hat Linux Advanced Server.

[Updated 08 Jan 2003]
Added fixed packages for the Itanium (IA64) architecture.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

ypserv is an NIS authentication server. ypserv versions before 2.5 contain
a memory leak that can be triggered remotely.

When someone requests a map that doesn't exist, a previous mapname may be
leaked. This happens, for instance, if you run 'ypmatch foo
aaaaaaaaaaaaaaaaaaaa'. Repeated runs will result in the yp server using
more and more memory, and running more slowly. It could also result in
ypserv being killed due to the system being out of memory.

This errata updates Red Hat Advanced Server 2.1 to a patched version of
ypserv that doesn't have the memory leak.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-224.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 6016
Common Vulnerability Exposure (CVE) ID: CVE-2002-1232
http://www.securityfocus.com/bid/6016
Bugtraq: 20021028 GLSA: ypserv (Google Search)
http://marc.info/?l=bugtraq&m=103582692228894&w=2
Caldera Security Advisory: CSSA-2002-054.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
Conectiva Linux advisory: CLA-2002:539
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Debian Security Information: DSA-180 (Google Search)
http://www.debian.org/security/2002/dsa-180
HPdes Security Advisory: HPSBTL0210-074
http://online.securityfocus.com/advisories/4605
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
http://www.redhat.com/support/errata/RHSA-2002-223.html
http://www.redhat.com/support/errata/RHSA-2002-224.html
http://www.redhat.com/support/errata/RHSA-2003-229.html
http://www.iss.net/security_center/static/10423.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51224
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:224
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:224. Updated ypserv packages which fix a memory leak are now available for Red Hat Linux Advanced Server. [Updated 08 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 ypserv is an NIS authentication server. ypserv versions before 2.5 contain a memory leak that can be triggered remotely. When someone requests a map that doesn't exist, a previous mapname may be leaked. This happens, for instance, if you run 'ypmatch foo aaaaaaaaaaaaaaaaaaaa'. Repeated runs will result in the yp server using more and more memory, and running more slowly. It could also result in ypserv being killed due to the system being out of memory. This errata updates Red Hat Advanced Server 2.1 to a patched version of ypserv that doesn't have the memory leak. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-224.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 6016 Common Vulnerability Exposure (CVE) ID: CVE-2002-1232 http://www.securityfocus.com/bid/6016 Bugtraq: 20021028 GLSA: ypserv (Google Search) http://marc.info/?l=bugtraq&m=103582692228894&w=2 Caldera Security Advisory: CSSA-2002-054.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt Conectiva Linux advisory: CLA-2002:539 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539 Debian Security Information: DSA-180 (Google Search) http://www.debian.org/security/2002/dsa-180 HPdes Security Advisory: HPSBTL0210-074 http://online.securityfocus.com/advisories/4605 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php http://www.redhat.com/support/errata/RHSA-2002-223.html http://www.redhat.com/support/errata/RHSA-2002-224.html http://www.redhat.com/support/errata/RHSA-2003-229.html http://www.iss.net/security_center/static/10423.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com