Red Hat Local Security Checks : RedHat Security Advisory RHSA-2008:0581

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61259

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2008:0581

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2008:0581.

The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIXÂ® socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with privileges of
the hcid daemon. (CVE-2008-2374)

Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contains a backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0581.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2374
1020479
http://www.securitytracker.com/id?1020479
30105
http://www.securityfocus.com/bid/30105
30957
http://secunia.com/advisories/30957
31057
http://secunia.com/advisories/31057
31833
http://secunia.com/advisories/31833
32099
http://secunia.com/advisories/32099
32279
http://secunia.com/advisories/32279
34280
http://secunia.com/advisories/34280
ADV-2008-2096
http://www.vupen.com/english/advisories/2008/2096/references
FEDORA-2008-6133
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html
FEDORA-2008-6140
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html
GLSA-200903-29
http://security.gentoo.org/glsa/glsa-200903-29.xml
MDVSA-2008:145
http://www.mandriva.com/security/advisories?name=MDVSA-2008:145
RHSA-2008:0581
http://www.redhat.com/support/errata/RHSA-2008-0581.html
SUSE-SR:2008:019
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
[bluez-devel] 20080616 SDP payload processing vulnerability
http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com
http://www.bluez.org/bluez-334/
oval:org.mitre.oval:def:9973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61259
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0581
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0581. The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIXÂ® socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contains a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0581.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2374 1020479 http://www.securitytracker.com/id?1020479 30105 http://www.securityfocus.com/bid/30105 30957 http://secunia.com/advisories/30957 31057 http://secunia.com/advisories/31057 31833 http://secunia.com/advisories/31833 32099 http://secunia.com/advisories/32099 32279 http://secunia.com/advisories/32279 34280 http://secunia.com/advisories/34280 ADV-2008-2096 http://www.vupen.com/english/advisories/2008/2096/references FEDORA-2008-6133 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html FEDORA-2008-6140 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html GLSA-200903-29 http://security.gentoo.org/glsa/glsa-200903-29.xml MDVSA-2008:145 http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 RHSA-2008:0581 http://www.redhat.com/support/errata/RHSA-2008-0581.html SUSE-SR:2008:019 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html [bluez-devel] 20080616 SDP payload processing vulnerability http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com http://www.bluez.org/bluez-334/ oval:org.mitre.oval:def:9973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com