 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.64387 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2009:1154 |
| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:1154.;;The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows;individual devices on an IP network to get their own network configuration;information, including an IP address, a subnet mask, and a broadcast;address.;;The Mandriva Linux Engineering Team discovered a stack-based buffer;overflow flaw in the ISC DHCP client. If the DHCP client were to receive a;malicious DHCP response, it could crash or execute arbitrary code with the;permissions of the client (root). (CVE-2009-0692);;An insecure temporary file use flaw was discovered in the DHCP daemon's;init script (/etc/init.d/dhcpd). A local attacker could use this flaw to;overwrite an arbitrary file with the output of the dhcpd -t command via;a symbolic link attack, if a system administrator executed the DHCP init;script with the configtest, restart, or reload option.;(CVE-2009-1893);;Users of DHCP should upgrade to these updated packages, which contain;backported patches to correct these issues. |
| Descripción: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1154. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use flaw was discovered in the DHCP daemon's init script (/etc/init.d/dhcpd). A local attacker could use this flaw to overwrite an arbitrary file with the output of the dhcpd -t command via a symbolic link attack, if a system administrator executed the DHCP init script with the configtest, restart, or reload option. (CVE-2009-1893) Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0692 BugTraq ID: 35668 http://www.securityfocus.com/bid/35668 CERT/CC vulnerability note: VU#410676 http://www.kb.cert.org/vuls/id/410676 Debian Security Information: DSA-1833 (Google Search) http://www.debian.org/security/2009/dsa-1833 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html http://security.gentoo.org/glsa/glsa-200907-12.xml HPdes Security Advisory: HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 HPdes Security Advisory: SSRT100018 http://www.mandriva.com/security/advisories?name=MDVSA-2009:151 NETBSD Security Advisory: NetBSD-SA2009-010 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc http://www.osvdb.org/55819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941 http://www.redhat.com/support/errata/RHSA-2009-1136.html http://www.redhat.com/support/errata/RHSA-2009-1154.html http://www.securitytracker.com/id?1022548 http://secunia.com/advisories/35785 http://secunia.com/advisories/35829 http://secunia.com/advisories/35830 http://secunia.com/advisories/35831 http://secunia.com/advisories/35832 http://secunia.com/advisories/35841 http://secunia.com/advisories/35849 http://secunia.com/advisories/35850 http://secunia.com/advisories/35851 http://secunia.com/advisories/35880 http://secunia.com/advisories/36457 http://secunia.com/advisories/37342 http://secunia.com/advisories/40551 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471 SuSE Security Announcement: SUSE-SA:2009:037 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html http://www.ubuntu.com/usn/usn-803-1 http://www.vupen.com/english/advisories/2009/1891 http://www.vupen.com/english/advisories/2010/1796 Common Vulnerability Exposure (CVE) ID: CVE-2009-1893 1022554 http://securitytracker.com/id?1022554 35670 http://www.securityfocus.com/bid/35670 35831 RHSA-2009:1154 dhcp-dhcpdt-symlink(51718) https://exchange.xforce.ibmcloud.com/vulnerabilities/51718 https://bugzilla.redhat.com/show_bug.cgi?id=510024 oval:org.mitre.oval:def:11597 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597 oval:org.mitre.oval:def:6440 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |