Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0413)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0413

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0413)

Resumen: The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2018-0413 advisory.

Descripción: Summary:
The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2018-0413 advisory.

Vulnerability Insight:
Unziping a specially crafted zip file results in a computation of an
invalid pointer and a crash reading an invalid address (CVE-2015-9261).

Affected Software/OS:
'busybox' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-9261
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search)
https://seclists.org/bugtraq/2019/Sep/7
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2019/Sep/7
http://seclists.org/fulldisclosure/2020/Aug/20
http://seclists.org/fulldisclosure/2022/Jun/36
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
http://www.openwall.com/lists/oss-security/2015/10/25/3
https://bugs.debian.org/803097
https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
https://usn.ubuntu.com/3935-1/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0413
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0413)
Resumen:	The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2018-0413 advisory.
Descripción:	Summary: The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2018-0413 advisory. Vulnerability Insight: Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address (CVE-2015-9261). Affected Software/OS: 'busybox' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-9261 Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) https://seclists.org/bugtraq/2019/Jun/14 Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search) https://seclists.org/bugtraq/2019/Sep/7 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2022/Jun/36 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://www.openwall.com/lists/oss-security/2015/10/25/3 https://bugs.debian.org/803097 https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html https://usn.ubuntu.com/3935-1/
Copyright	Copyright (C) 2022 Greenbone AG