Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:145 (bluez)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61310

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:145 (bluez)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to bluez
announced via advisory MDVSA-2008:145.

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used in the Bluez bluetooth utilities.
A bluetooth device with an already-trusted relationship, or a local
user registering a service record via a UNIX socket or D-Bus interface,
could cause a crash and potentially execute arbitrary code with the
privileges of the hcid daemon (CVE-2008-2374).

The updated packages have been patched to correct this issue.

Affected: 2007.1, 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:145

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2374
1020479
http://www.securitytracker.com/id?1020479
30105
http://www.securityfocus.com/bid/30105
30957
http://secunia.com/advisories/30957
31057
http://secunia.com/advisories/31057
31833
http://secunia.com/advisories/31833
32099
http://secunia.com/advisories/32099
32279
http://secunia.com/advisories/32279
34280
http://secunia.com/advisories/34280
ADV-2008-2096
http://www.vupen.com/english/advisories/2008/2096/references
FEDORA-2008-6133
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html
FEDORA-2008-6140
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html
GLSA-200903-29
http://security.gentoo.org/glsa/glsa-200903-29.xml
MDVSA-2008:145
http://www.mandriva.com/security/advisories?name=MDVSA-2008:145
RHSA-2008:0581
http://www.redhat.com/support/errata/RHSA-2008-0581.html
SUSE-SR:2008:019
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
[bluez-devel] 20080616 SDP payload processing vulnerability
http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com
http://www.bluez.org/bluez-334/
oval:org.mitre.oval:def:9973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61310
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:145 (bluez)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to bluez announced via advisory MDVSA-2008:145. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon (CVE-2008-2374). The updated packages have been patched to correct this issue. Affected: 2007.1, 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:145 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2374 1020479 http://www.securitytracker.com/id?1020479 30105 http://www.securityfocus.com/bid/30105 30957 http://secunia.com/advisories/30957 31057 http://secunia.com/advisories/31057 31833 http://secunia.com/advisories/31833 32099 http://secunia.com/advisories/32099 32279 http://secunia.com/advisories/32279 34280 http://secunia.com/advisories/34280 ADV-2008-2096 http://www.vupen.com/english/advisories/2008/2096/references FEDORA-2008-6133 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html FEDORA-2008-6140 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html GLSA-200903-29 http://security.gentoo.org/glsa/glsa-200903-29.xml MDVSA-2008:145 http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 RHSA-2008:0581 http://www.redhat.com/support/errata/RHSA-2008-0581.html SUSE-SR:2008:019 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html [bluez-devel] 20080616 SDP payload processing vulnerability http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com http://www.bluez.org/bluez-334/ oval:org.mitre.oval:def:9973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com