Test ID: | 1.3.6.1.4.1.25623.1.0.51395 |
Category: | Conectiva Local Security Checks |
Title: | Conectiva Security Advisory CLA-2003:567 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory CLA-2003:567.

The mcrypt package contains libmcrypt, a decryption and encryption library with support for various algorithms.

Ilia Alshanetsky found[1] several buffer overflow vulnerabilities[2] in libmcrypt. These vulnerabilities basically consist of improper or missing validation of some input (which in some scenarios can come from a local user or from a network connection).

Another vulnerability[3] exists in the way libmcrypt loads algorithms via libtool. When different algorithms are loaded dynamically, a small part of memory is leaked. In a persistent environment, an attacker can exhaust all available memory by launching repeated requests to an application that utilizes the mcrypt library.

These vulnerabilities are fixed in libmcrypt version 2.5.5, and the changes were backported to mcrypt-2.4.9 in Conectiva Linux 7.0 and mcrypt-2.4.18 in Conectiva Linux 8. Conectiva Linux 6.0 does not ship the mcrypt package.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0032
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:567
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0031
BugTraq ID: 6510
http://www.securityfocus.com/bid/6510
Bugtraq: 20030103 Multiple libmcrypt vulnerabilities
http://marc.info/?l=bugtraq&m=104162752401212&w=2
Bugtraq: 20030105 GLSA: libmcrypt
http://marc.info/?l=bugtraq&m=104188513728573&w=2
Conectiva Linux advisory: CLA-2003:567
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Debian Security Information: DSA-228
http://www.debian.org/security/2003/dsa-228
http://www.securitytracker.com/id?1006181
SuSE Security Announcement: SuSE-SA:2003:0010

Common Vulnerability Exposure (CVE) ID: CVE-2003-0032
BugTraq ID: 6512
http://www.securityfocus.com/bid/6512
http://www.iss.net/security_center/static/10988.php |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |