Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:056 (net-snmp)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63451

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:056 (net-snmp)

Resumen: The remote host is missing an update to net-snmp;announced via advisory MDVSA-2009:056.

Descripción: Summary:
The remote host is missing an update to net-snmp
announced via advisory MDVSA-2009:056.

Vulnerability Insight:
A vulnerability has been identified and corrected in net-snmp:

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in
net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client
authorization, does not properly parse hosts.allow rules, which
allows remote attackers to bypass intended access restrictions
and execute SNMP queries, related to source/destination IP address
confusion. (CVE-2008-6123)

The updated packages have been patched to prevent this.

Affected: 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-6123
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
http://www.openwall.com/lists/oss-security/2009/02/12/2
http://www.openwall.com/lists/oss-security/2009/02/12/7
http://www.openwall.com/lists/oss-security/2009/02/12/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289
http://www.redhat.com/support/errata/RHSA-2009-0295.html
http://www.securitytracker.com/id?1021921
http://secunia.com/advisories/34499
http://secunia.com/advisories/35416
http://secunia.com/advisories/35685
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63451
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:056 (net-snmp)
Resumen:	The remote host is missing an update to net-snmp;announced via advisory MDVSA-2009:056.
Descripción:	Summary: The remote host is missing an update to net-snmp announced via advisory MDVSA-2009:056. Vulnerability Insight: A vulnerability has been identified and corrected in net-snmp: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) The updated packages have been patched to prevent this. Affected: 2009.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6123 http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 http://www.openwall.com/lists/oss-security/2009/02/12/2 http://www.openwall.com/lists/oss-security/2009/02/12/7 http://www.openwall.com/lists/oss-security/2009/02/12/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 http://www.redhat.com/support/errata/RHSA-2009-0295.html http://www.securitytracker.com/id?1021921 http://secunia.com/advisories/34499 http://secunia.com/advisories/35416 http://secunia.com/advisories/35685 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html SuSE Security Announcement: SUSE-SR:2010:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
Copyright	Copyright (C) 2009 E-Soft Inc.