Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0756

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68129

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0756

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0756.

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.

A flaw was found in the way SSL connections to the MRG Messaging broker
were handled. A connection (from a user or client application) to the
broker's SSL port would prevent the broker from responding to any other
connections on that port, until the first connection's SSL handshake
completed or failed. A remote user could use this flaw to block connections
from legitimate clients. Note that this issue only affected connections to
the SSL port. The broker does not listen for SSL connections by default.
(CVE-2010-3083)

A flaw was found in the way the MRG Messaging broker handled the receipt of
large persistent messages. If a remote, authenticated user sent a very
large persistent message, the broker could exhaust stack memory, causing
the broker to crash. (CVE-2010-3701)

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the qpidd service must be restarted (service qpidd restart) for
this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0756.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3083
41710
http://secunia.com/advisories/41710
RHSA-2010:0756
http://www.redhat.com/support/errata/RHSA-2010-0756.html
RHSA-2010:0757
http://www.redhat.com/support/errata/RHSA-2010-0757.html
[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)
http://www.openwall.com/lists/oss-security/2010/10/08/1
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch
https://bugzilla.redhat.com/show_bug.cgi?id=632657
Common Vulnerability Exposure (CVE) ID: CVE-2010-3701
https://bugzilla.redhat.com/show_bug.cgi?id=634014
https://bugzilla.redhat.com/show_bug.cgi?id=640006

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68129
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0756
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0756. Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services. A flaw was found in the way SSL connections to the MRG Messaging broker were handled. A connection (from a user or client application) to the broker's SSL port would prevent the broker from responding to any other connections on that port, until the first connection's SSL handshake completed or failed. A remote user could use this flaw to block connections from legitimate clients. Note that this issue only affected connections to the SSL port. The broker does not listen for SSL connections by default. (CVE-2010-3083) A flaw was found in the way the MRG Messaging broker handled the receipt of large persistent messages. If a remote, authenticated user sent a very large persistent message, the broker could exhaust stack memory, causing the broker to crash. (CVE-2010-3701) All Red Hat Enterprise MRG users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the qpidd service must be restarted (service qpidd restart) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0756.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3083 41710 http://secunia.com/advisories/41710 RHSA-2010:0756 http://www.redhat.com/support/errata/RHSA-2010-0756.html RHSA-2010:0757 http://www.redhat.com/support/errata/RHSA-2010-0757.html [oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083) http://www.openwall.com/lists/oss-security/2010/10/08/1 http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch https://bugzilla.redhat.com/show_bug.cgi?id=632657 Common Vulnerability Exposure (CVE) ID: CVE-2010-3701 https://bugzilla.redhat.com/show_bug.cgi?id=634014 https://bugzilla.redhat.com/show_bug.cgi?id=640006
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com