Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0018)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0018

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0018)

Resumen: The remote host is missing an update for the 'memcached' package(s) announced via the MGASA-2014-0018 advisory.

Descripción: Summary:
The remote host is missing an update for the 'memcached' package(s) announced via the MGASA-2014-0018 advisory.

Vulnerability Insight:
Updated memcached packages fix security vulnerability:

It was reported that SASL authentication could be bypassed due to a flaw
related to the management of the SASL authentication state. With a specially
crafted request, a remote attacker may be able to authenticate with invalid
SASL credentials (CVE-2013-7239).

Multiple issues in memcached before 1.4.17 which allow remote attackers to
cause a denial of service by sending a request that causes a crash when
memcached is running in verbose mode (CVE-2013-0179, CVE-2013-7290,
CVE-2013-7291).

Affected Software/OS:
'memcached' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
4.8

CVSS Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0179
56183
http://secunia.com/advisories/56183
64978
http://www.securityfocus.com/bid/64978
USN-2080-1
http://www.ubuntu.com/usn/USN-2080-1
[oss-security] 20130114 CVE request: memcached DoS when printing out keys to be deleted in verbose mode
http://www.openwall.com/lists/oss-security/2013/01/14/4
[oss-security] 20130114 Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode
http://www.openwall.com/lists/oss-security/2013/01/14/6
https://bugzilla.redhat.com/show_bug.cgi?id=895054
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
Common Vulnerability Exposure (CVE) ID: CVE-2013-7239
BugTraq ID: 64559
http://www.securityfocus.com/bid/64559
Debian Security Information: DSA-2832 (Google Search)
http://www.debian.org/security/2014/dsa-2832
http://seclists.org/oss-sec/2013/q4/572
Common Vulnerability Exposure (CVE) ID: CVE-2013-7290
BugTraq ID: 64988
http://www.securityfocus.com/bid/64988
Common Vulnerability Exposure (CVE) ID: CVE-2013-7291
BugTraq ID: 64989
http://www.securityfocus.com/bid/64989

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0018
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0018)
Resumen:	The remote host is missing an update for the 'memcached' package(s) announced via the MGASA-2014-0018 advisory.
Descripción:	Summary: The remote host is missing an update for the 'memcached' package(s) announced via the MGASA-2014-0018 advisory. Vulnerability Insight: Updated memcached packages fix security vulnerability: It was reported that SASL authentication could be bypassed due to a flaw related to the management of the SASL authentication state. With a specially crafted request, a remote attacker may be able to authenticate with invalid SASL credentials (CVE-2013-7239). Multiple issues in memcached before 1.4.17 which allow remote attackers to cause a denial of service by sending a request that causes a crash when memcached is running in verbose mode (CVE-2013-0179, CVE-2013-7290, CVE-2013-7291). Affected Software/OS: 'memcached' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 4.8 CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0179 56183 http://secunia.com/advisories/56183 64978 http://www.securityfocus.com/bid/64978 USN-2080-1 http://www.ubuntu.com/usn/USN-2080-1 [oss-security] 20130114 CVE request: memcached DoS when printing out keys to be deleted in verbose mode http://www.openwall.com/lists/oss-security/2013/01/14/4 [oss-security] 20130114 Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode http://www.openwall.com/lists/oss-security/2013/01/14/6 https://bugzilla.redhat.com/show_bug.cgi?id=895054 https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096 https://code.google.com/p/memcached/issues/detail?id=306 https://code.google.com/p/memcached/wiki/ReleaseNotes1417 Common Vulnerability Exposure (CVE) ID: CVE-2013-7239 BugTraq ID: 64559 http://www.securityfocus.com/bid/64559 Debian Security Information: DSA-2832 (Google Search) http://www.debian.org/security/2014/dsa-2832 http://seclists.org/oss-sec/2013/q4/572 Common Vulnerability Exposure (CVE) ID: CVE-2013-7290 BugTraq ID: 64988 http://www.securityfocus.com/bid/64988 Common Vulnerability Exposure (CVE) ID: CVE-2013-7291 BugTraq ID: 64989 http://www.securityfocus.com/bid/64989
Copyright	Copyright (C) 2022 Greenbone AG