Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50371
Category:Fedora Local Security Checks
Title:Fedora Core 2 FEDORA-2004-154 (net-tools)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to net-tools
announced via advisory FEDORA-2004-154.

The net-tools package contains basic networking tools, including
ifconfig, netstat, route, and others.

The code in netlink.c is based in part on the code of iproute. It
was not updated when CVE-2003-0856 was announced. The code in
question is within the netlink_listen & netlink_receive_dump
functions. They should both check the source of the packets by
looking at nl_pid and ensuring that it is 0 before performing
any reconfiguration of network interfaces.

These updated packages now contain the latest netplug daemon which fixes
that problem. All users of netplug are strongly encouraged to upgrade to
these new packages.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

4d37c3c4484a9d0efe3a3f726072454a SRPMS/net-tools-1.60-25.1.src.rpm
caa17b1b3a8a9639afdf2483068e0f12 i386/net-tools-1.60-25.1.i386.rpm
6b9bc4fd68b8c4d9f11403f4f10b9e6e i386/debug/net-tools-debuginfo-1.60-25.1.i386.rpm
1a9523abb0871c1c173d3c1c8ec297a1 x86_64/net-tools-1.60-25.1.x86_64.rpm
a1fce7c6d5a0eed37d825f70f89ec53c x86_64/debug/net-tools-debuginfo-1.60-25.1.x86_64.rpm

This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-154.shtml

Risk factor : Medium

CVSS Score:
4.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0856
Debian Security Information: DSA-492 (Google Search)
http://www.debian.org/security/2004/dsa-492
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912
http://www.redhat.com/support/errata/RHSA-2003-316.html
http://www.redhat.com/support/errata/RHSA-2003-317.html
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.