ID de Prueba:	1.3.6.1.4.1.25623.1.0.882781
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for dnsmasq CESA-2017:2838 centos6
Resumen:	Check the version of dnsmasq
Descripción:	Summary: Check the version of dnsmasq Vulnerability Insight: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue. Affected Software/OS: dnsmasq on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14491 BugTraq ID: 101085 http://www.securityfocus.com/bid/101085 BugTraq ID: 101977 http://www.securityfocus.com/bid/101977 CERT/CC vulnerability note: VU#973527 https://www.kb.cert.org/vuls/id/973527 Debian Security Information: DSA-3989 (Google Search) http://www.debian.org/security/2017/dsa-3989 https://www.debian.org/security/2017/dsa-3989 https://www.exploit-db.com/exploits/42941/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/ https://security.gentoo.org/glsa/201710-27 http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30 https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html RedHat Security Advisories: RHSA-2017:2836 https://access.redhat.com/errata/RHSA-2017:2836 RedHat Security Advisories: RHSA-2017:2837 https://access.redhat.com/errata/RHSA-2017:2837 RedHat Security Advisories: RHSA-2017:2838 https://access.redhat.com/errata/RHSA-2017:2838 RedHat Security Advisories: RHSA-2017:2839 https://access.redhat.com/errata/RHSA-2017:2839 RedHat Security Advisories: RHSA-2017:2840 https://access.redhat.com/errata/RHSA-2017:2840 RedHat Security Advisories: RHSA-2017:2841 https://access.redhat.com/errata/RHSA-2017:2841 http://www.securitytracker.com/id/1039474 SuSE Security Announcement: SUSE-SU-2017:2616 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html SuSE Security Announcement: SUSE-SU-2017:2617 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html SuSE Security Announcement: SUSE-SU-2017:2619 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html SuSE Security Announcement: openSUSE-SU-2017:2633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://www.ubuntu.com/usn/USN-3430-1 http://www.ubuntu.com/usn/USN-3430-2 http://www.ubuntu.com/usn/USN-3430-3
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.