ID de Prueba:	1.3.6.1.4.1.25623.1.0.69455
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:073 (dhcp)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to dhcp announced via advisory MDVSA-2011:073. A vulnerability has been found and corrected in ISC DHCP: dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message (CVE-2011-0997). Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP has been upgraded from the 3.0.7 version to the 4.1.2-P1 version which brings many enhancements such as better ipv6 support. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have upgraded to the 4.1.2-P1 version and patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:073 http://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1-RELNOTES Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0997 BugTraq ID: 47176 http://www.securityfocus.com/bid/47176 CERT/CC vulnerability note: VU#107886 http://www.kb.cert.org/vuls/id/107886 Debian Security Information: DSA-2216 (Google Search) http://www.debian.org/security/2011/dsa-2216 Debian Security Information: DSA-2217 (Google Search) http://www.debian.org/security/2011/dsa-2217 https://www.exploit-db.com/exploits/37623/ http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html http://security.gentoo.org/glsa/glsa-201301-06.xml HPdes Security Advisory: HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 HPdes Security Advisory: SSRT100802 http://www.mandriva.com/security/advisories?name=MDVSA-2011:073 http://www.osvdb.org/71493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812 http://www.redhat.com/support/errata/RHSA-2011-0428.html http://www.redhat.com/support/errata/RHSA-2011-0840.html http://securitytracker.com/id?1025300 http://secunia.com/advisories/44037 http://secunia.com/advisories/44048 http://secunia.com/advisories/44089 http://secunia.com/advisories/44090 http://secunia.com/advisories/44103 http://secunia.com/advisories/44127 http://secunia.com/advisories/44180 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345 http://www.ubuntu.com/usn/USN-1108-1 http://www.vupen.com/english/advisories/2011/0879 http://www.vupen.com/english/advisories/2011/0886 http://www.vupen.com/english/advisories/2011/0909 http://www.vupen.com/english/advisories/2011/0915 http://www.vupen.com/english/advisories/2011/0926 http://www.vupen.com/english/advisories/2011/0965 http://www.vupen.com/english/advisories/2011/1000 XForce ISS Database: iscdhcp-dhclient-command-execution(66580) https://exchange.xforce.ibmcloud.com/vulnerabilities/66580
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.