ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0315
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0315)
Resumen:	The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2020-0315 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2020-0315 advisory. Vulnerability Insight: Updated mumble package fixes security vulnerability: OCB2 is known to be broken under certain conditions: [link moved to references] To execute the universal attacks described in the paper, an attacker needs access to an encryption oracle that allows it to perform encryption queries with attacker-chosen nonce. Luckily in Mumble the encryption nonce is a fixed counter which is far too restrictive for the universal attacks to be feasible against Mumble. The basic attacks do not require an attacker-chosen nonce and as such are more applicable to Mumble. They are however of limited use and do require an en- and a decryption oracle which Mumble seemingly does not provide at the same time. To be on the safe side, this commit implements the counter-cryptanalysis measure described in the paper in section 9 for the sender and receiver side. This way if either server of client are patched, their communication is almost certainly (merely lacking formal proof) not susceptible to the attacks described in the paper. Fixed: Potential exploit in the OCB2 encryption (#4227) Affected Software/OS: 'mumble' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.