Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:218 (apache-mod_auth

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57651

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:218 (apache-mod_auth_kerb)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to apache-mod_auth_kerb
announced via advisory MDKSA-2006:218.

An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
allows remote attackers to cause a denial of service (crash) via a
crafted Kerberos message that triggers a heap-based buffer overflow in
the component array.

Packages have been patched to correct this issue.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:218

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5989
1017348
http://securitytracker.com/id?1017348
21214
http://www.securityfocus.com/bid/21214
23023
http://secunia.com/advisories/23023
23251
http://secunia.com/advisories/23251
23681
http://secunia.com/advisories/23681
23820
http://secunia.com/advisories/23820
ADV-2006-4633
http://www.vupen.com/english/advisories/2006/4633
DSA-1247
http://www.debian.org/security/2007/dsa-1247
GLSA-200701-14
http://security.gentoo.org/glsa/glsa-200701-14.xml
MDKSA-2006:218
http://www.mandriva.com/security/advisories?name=MDKSA-2006:218
RHSA-2006:0746
http://www.redhat.com/support/errata/RHSA-2006-0746.html
apache-modauthkerb-offbyone-bo(30456)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30456
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736
oval:org.mitre.oval:def:10051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57651
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:218 (apache-mod_auth_kerb)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to apache-mod_auth_kerb announced via advisory MDKSA-2006:218. An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. Packages have been patched to correct this issue. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:218 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5989 1017348 http://securitytracker.com/id?1017348 21214 http://www.securityfocus.com/bid/21214 23023 http://secunia.com/advisories/23023 23251 http://secunia.com/advisories/23251 23681 http://secunia.com/advisories/23681 23820 http://secunia.com/advisories/23820 ADV-2006-4633 http://www.vupen.com/english/advisories/2006/4633 DSA-1247 http://www.debian.org/security/2007/dsa-1247 GLSA-200701-14 http://security.gentoo.org/glsa/glsa-200701-14.xml MDKSA-2006:218 http://www.mandriva.com/security/advisories?name=MDKSA-2006:218 RHSA-2006:0746 http://www.redhat.com/support/errata/RHSA-2006-0746.html apache-modauthkerb-offbyone-bo(30456) https://exchange.xforce.ibmcloud.com/vulnerabilities/30456 https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736 oval:org.mitre.oval:def:10051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com