
Test ID: 1.3.6.1.4.1.25623.1.0.51402
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:616
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:616.

The package dhcp provides a Dynamic Host Configuration Protocol[1]
server developed by ISC (ISC DHCPD).

Florian Lohoff discovered[2] a vulnerability[3,4] in the way dhcrelay
(part of the dhcp package) forwards malicious BOOTP packets it
receives to the dhcp servers it contacts. An attacker could exploit
this vulnerability to generate a storm of BOOTP packets, causing a
denial of service condition or misbehavior on the part of the dhcp
server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) is
tracking[5] this issue with the name CVE-2003-0039.

The packages provided with this announcement fix these
vulnerabilities with a patch, keeping the original version. Please
note that Conectiva Linux versions prior to 8 do not ship dhcp 3.0
and therefore are not vulnerable to this problem.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.ietf.org/rfc/rfc2131.txt
http://online.securityfocus.com/archive/1/307451
http://online.securityfocus.com/bid/6628
http://www.kb.cert.org/vuls/id/149953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0039
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:616
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Medium

CVSS Score: 5.0

Cross-Reference: BugTraq ID: 6628
Common Vulnerability Exposure (CVE) ID: CVE-2003-0039
http://www.securityfocus.com/bid/6628
Bugtraq: 20030115 DoS against DHCP infrastructure with isc dhcrelay
http://marc.info/?l=bugtraq&m=104310927813830&w=2
Bugtraq: 20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html
CERT/CC vulnerability note: VU#149953
http://www.kb.cert.org/vuls/id/149953
Conectiva Linux advisory: CLSA-2003:616
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
Debian Security Information: DSA-245
http://www.debian.org/security/2003/dsa-245
http://www.redhat.com/support/errata/RHSA-2003-034.html
TurboLinux Advisory: TLSA-2003-26
http://cc.turbolinux.com/security/TLSA-2003-26.txt
XForce ISS Database: dhcp-dhcrelay-dos(11187)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11187
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
