Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:786

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51487

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:786

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:786.

Zebra[1] is a multi-server routing software package which provides
TCP/IP based routing protocols also with IPv6 support such as RIP,
OSPF, BGP and so on.

This update fixes the following vulnerabilities:

1) Denial of service via telnet CLI interface (CVE-2003-0795)[2][3]
Remote attackers can cause a denial of service via a malformed telnet
command to the telnet CLI port.

2) Denial of service via netlink messages (CVE-2003-0858)[4]
Local users to cause a denial of service by sending spoofed messages
to zebra as other users via the kernel netlink interface.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:786
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0795
Bugtraq: 20031114 Quagga remote vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=106883387304266&w=2
Debian Security Information: DSA-415 (Google Search)
http://www.debian.org/security/2004/dsa-415
http://www.redhat.com/support/errata/RHSA-2003-305.html
http://www.redhat.com/support/errata/RHSA-2003-307.html
http://secunia.com/advisories/10563
Common Vulnerability Exposure (CVE) ID: CVE-2003-0858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169
http://www.redhat.com/support/errata/RHSA-2003-315.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51487
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:786
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:786. Zebra[1] is a multi-server routing software package which provides TCP/IP based routing protocols also with IPv6 support such as RIP, OSPF, BGP and so on. This update fixes the following vulnerabilities: 1) Denial of service via telnet CLI interface (CVE-2003-0795)[2][3] Remote attackers can cause a denial of service via a malformed telnet command to the telnet CLI port. 2) Denial of service via netlink messages (CVE-2003-0858)[4] Local users to cause a denial of service by sending spoofed messages to zebra as other users via the kernel netlink interface. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:786 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0795 Bugtraq: 20031114 Quagga remote vulnerability (Google Search) http://marc.info/?l=bugtraq&m=106883387304266&w=2 Debian Security Information: DSA-415 (Google Search) http://www.debian.org/security/2004/dsa-415 http://www.redhat.com/support/errata/RHSA-2003-305.html http://www.redhat.com/support/errata/RHSA-2003-307.html http://secunia.com/advisories/10563 Common Vulnerability Exposure (CVE) ID: CVE-2003-0858 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169 http://www.redhat.com/support/errata/RHSA-2003-315.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com