Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0219)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0219

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0219)

Resumen: The remote host is missing an update for the 'libntlm' package(s) announced via the MGASA-2020-0219 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libntlm' package(s) announced via the MGASA-2020-0219 advisory.

Vulnerability Insight:
Updated libntlm packages fix security vulnerability:

It was discovered that libntlm through 1.5 relies on a fixed buffer size
for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
read and write operations, as demonstrated by a stack-based buffer
over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM
request (CVE-2019-17455).

Affected Software/OS:
'libntlm' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-17455
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5YWYNOJ5HMCKAHWLTY4MXZQWJJCBI7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145
https://gitlab.com/jas/libntlm/issues/2
https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html
SuSE Security Announcement: openSUSE-SU-2020:0806 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html
SuSE Security Announcement: openSUSE-SU-2020:0816 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0219
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0219)
Resumen:	The remote host is missing an update for the 'libntlm' package(s) announced via the MGASA-2020-0219 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libntlm' package(s) announced via the MGASA-2020-0219 advisory. Vulnerability Insight: Updated libntlm packages fix security vulnerability: It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request (CVE-2019-17455). Affected Software/OS: 'libntlm' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17455 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5YWYNOJ5HMCKAHWLTY4MXZQWJJCBI7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145 https://gitlab.com/jas/libntlm/issues/2 https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html SuSE Security Announcement: openSUSE-SU-2020:0806 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html SuSE Security Announcement: openSUSE-SU-2020:0816 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html
Copyright	Copyright (C) 2022 Greenbone AG