Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0139)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0139

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0139)

Resumen: The remote host is missing an update for the 'ppp' package(s) announced via the MGASA-2020-0139 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ppp' package(s) announced via the MGASA-2020-0139 advisory.

Vulnerability Insight:
Updated ppp packages fix security vulnerability:

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp.
When receiving an EAP Request message in client mode, an attacker was
able to overflow the rhostname array by providing a very long name
(CVE-2020-8597).

Affected Software/OS:
'ppp' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-8597
CERT/CC vulnerability note: VU#782301
https://www.kb.cert.org/vuls/id/782301
Debian Security Information: DSA-4632 (Google Search)
https://www.debian.org/security/2020/dsa-4632
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
http://seclists.org/fulldisclosure/2020/Mar/6
https://security.gentoo.org/glsa/202003-19
http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
RedHat Security Advisories: RHSA-2020:0630
https://access.redhat.com/errata/RHSA-2020:0630
RedHat Security Advisories: RHSA-2020:0631
https://access.redhat.com/errata/RHSA-2020:0631
RedHat Security Advisories: RHSA-2020:0633
https://access.redhat.com/errata/RHSA-2020:0633
RedHat Security Advisories: RHSA-2020:0634
https://access.redhat.com/errata/RHSA-2020:0634
SuSE Security Announcement: openSUSE-SU-2020:0286 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
https://usn.ubuntu.com/4288-1/
https://usn.ubuntu.com/4288-2/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0139
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0139)
Resumen:	The remote host is missing an update for the 'ppp' package(s) announced via the MGASA-2020-0139 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ppp' package(s) announced via the MGASA-2020-0139 advisory. Vulnerability Insight: Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name (CVE-2020-8597). Affected Software/OS: 'ppp' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8597 CERT/CC vulnerability note: VU#782301 https://www.kb.cert.org/vuls/id/782301 Debian Security Information: DSA-4632 (Google Search) https://www.debian.org/security/2020/dsa-4632 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/ http://seclists.org/fulldisclosure/2020/Mar/6 https://security.gentoo.org/glsa/202003-19 http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04 https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html RedHat Security Advisories: RHSA-2020:0630 https://access.redhat.com/errata/RHSA-2020:0630 RedHat Security Advisories: RHSA-2020:0631 https://access.redhat.com/errata/RHSA-2020:0631 RedHat Security Advisories: RHSA-2020:0633 https://access.redhat.com/errata/RHSA-2020:0633 RedHat Security Advisories: RHSA-2020:0634 https://access.redhat.com/errata/RHSA-2020:0634 SuSE Security Announcement: openSUSE-SU-2020:0286 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html https://usn.ubuntu.com/4288-1/ https://usn.ubuntu.com/4288-2/
Copyright	Copyright (C) 2022 Greenbone AG