ID de Prueba:	1.3.6.1.4.1.25623.1.0.880710
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for dhclient CESA-2009:1154 centos3 i386
Resumen:	The remote host is missing an update for the 'dhclient'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'dhclient' package(s) announced via the referenced advisory. Vulnerability Insight: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use flaw was discovered in the DHCP daemon's init script ('/etc/init.d/dhcpd'). A local attacker could use this flaw to overwrite an arbitrary file with the output of the 'dhcpd -t' command via a symbolic link attack, if a system administrator executed the DHCP init script with the 'configtest', &'restart', or 'reload' option. (CVE-2009-1893) Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: dhclient on CentOS 3 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0692 BugTraq ID: 35668 http://www.securityfocus.com/bid/35668 CERT/CC vulnerability note: VU#410676 http://www.kb.cert.org/vuls/id/410676 Debian Security Information: DSA-1833 (Google Search) http://www.debian.org/security/2009/dsa-1833 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html http://security.gentoo.org/glsa/glsa-200907-12.xml HPdes Security Advisory: HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 HPdes Security Advisory: SSRT100018 http://www.mandriva.com/security/advisories?name=MDVSA-2009:151 NETBSD Security Advisory: NetBSD-SA2009-010 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc http://www.osvdb.org/55819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941 http://www.redhat.com/support/errata/RHSA-2009-1136.html http://www.redhat.com/support/errata/RHSA-2009-1154.html http://www.securitytracker.com/id?1022548 http://secunia.com/advisories/35785 http://secunia.com/advisories/35829 http://secunia.com/advisories/35830 http://secunia.com/advisories/35831 http://secunia.com/advisories/35832 http://secunia.com/advisories/35841 http://secunia.com/advisories/35849 http://secunia.com/advisories/35850 http://secunia.com/advisories/35851 http://secunia.com/advisories/35880 http://secunia.com/advisories/36457 http://secunia.com/advisories/37342 http://secunia.com/advisories/40551 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471 SuSE Security Announcement: SUSE-SA:2009:037 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html http://www.ubuntu.com/usn/usn-803-1 http://www.vupen.com/english/advisories/2009/1891 http://www.vupen.com/english/advisories/2010/1796 Common Vulnerability Exposure (CVE) ID: CVE-2009-1893 1022554 http://securitytracker.com/id?1022554 35670 http://www.securityfocus.com/bid/35670 35831 RHSA-2009:1154 dhcp-dhcpdt-symlink(51718) https://exchange.xforce.ibmcloud.com/vulnerabilities/51718 https://bugzilla.redhat.com/show_bug.cgi?id=510024 oval:org.mitre.oval:def:11597 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597 oval:org.mitre.oval:def:6440 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.