Test ID:	1.3.6.1.4.1.25623.1.0.50826
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2002:050 (glibc)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to glibc announced via advisory MDKSA-2002:050. A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the dns entry in the networks database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to files and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0684 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0684 Bugtraq: 20020704 Re: Remote buffer overflow in resolver code of libc (Google Search) http://marc.info/?l=bugtraq&m=102581482511612&w=2 http://www.cert.org/advisories/CA-2002-19.html CERT/CC vulnerability note: VU#542971 http://www.kb.cert.org/vuls/id/542971 Conectiva Linux advisory: CLSA-2002:507 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php RedHat Security Advisories: RHSA-2002:139 http://rhn.redhat.com/errata/RHSA-2002-139.html SuSE Security Announcement: SuSE-SA:2002:026 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2002-0651 AIX APAR: IY32719 http://archives.neohapsis.com/archives/aix/2002-q3/0001.html AIX APAR: IY32746 BugTraq ID: 5100 http://www.securityfocus.com/bid/5100 Bugtraq: 20020626 Remote buffer overflow in resolver code of libc (Google Search) http://marc.info/?l=bugtraq&m=102513011311504&w=2 Bugtraq: 20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) (Google Search) http://marc.info/?l=bugtraq&m=102579743329251&w=2 Caldera Security Advisory: CSSA-2002-SCO.37 ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Caldera Security Advisory: CSSA-2002-SCO.39 ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 CERT/CC vulnerability note: VU#803539 http://www.kb.cert.org/vuls/id/803539 En Garde Linux Advisory: ESA-20020724-018 http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html FreeBSD Security Advisory: FreeBSD-SA-02:28 http://marc.info/?l=bugtraq&m=102520962320134&w=2 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php http://www.pine.nl/advisories/pine-cert-20020601.txt NETBSD Security Advisory: NetBSD-SA2002-006 ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190 http://www.redhat.com/support/errata/RHSA-2002-119.html http://www.redhat.com/support/errata/RHSA-2002-133.html http://www.redhat.com/support/errata/RHSA-2002-167.html http://www.redhat.com/support/errata/RHSA-2003-154.html SGI Security Advisory: 20020701-01-I ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/ http://www.iss.net/security_center/static/9432.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.