Test ID: | 1.3.6.1.4.1.25623.1.0.51395 |
Category: | Conectiva Local Security Checks |
Title: | Conectiva Security Advisory CLA-2003:567 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory CLA-2003:567.

The mcrypt package contains libmcrypt, a decryption and encryption library with support for various algorithms.

Ilia Alshanetsky found[1] several buffer overflow vulnerabilities[2] in libmcrypt. These vulnerabilities basically consist of improper or missing validation of some input (which in some scenarios can come from a local user or from a network connection).

Another vulnerability[3] exists in the way libmcrypt loads algorithms via libtool. When different algorithms are loaded dynamically, a small part of memory is leaked. In a persistent environment, an attacker can exhaust all available memory by launching repeated requests to an application that uses the mcrypt library.

These vulnerabilities are fixed in libmcrypt version 2.5.5, and the changes were backported to mcrypt-2.4.9 in Conectiva Linux 7.0 and mcrypt-2.4.18 in Conectiva Linux 8. Conectiva Linux 6.0 does not ship the mcrypt package.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0032
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:567
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: High
CVSS Score: 7.5 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0031
BugTraq ID: 6510
http://www.securityfocus.com/bid/6510
Bugtraq: 20030103 Multiple libmcrypt vulnerabilities
http://marc.info/?l=bugtraq&m=104162752401212&w=2
Bugtraq: 20030105 GLSA: libmcrypt
http://marc.info/?l=bugtraq&m=104188513728573&w=2
Conectiva Linux advisory: CLA-2003:567
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Debian Security Information: DSA-228
http://www.debian.org/security/2003/dsa-228
http://www.securitytracker.com/id?1006181
SuSE Security Announcement: SuSE-SA:2003:0010

Common Vulnerability Exposure (CVE) ID: CVE-2003-0032
BugTraq ID: 6512
http://www.securityfocus.com/bid/6512
http://www.iss.net/security_center/static/10988.php |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |