Test ID:	1.3.6.1.4.1.25623.1.0.52046
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:212
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2005:212. The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows devices to get their own network configuration information from a server. A bug was found in the way dhcpd logs error messages. A malicious DNS server could send a carefully crafted DNS reply and cause dhcpd to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. All users of dhcp should upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-212.html Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1006 BugTraq ID: 11591 http://www.securityfocus.com/bid/11591 Bugtraq: 20041025 debian dhcpd, old format string bug (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html Bugtraq: 20041105 Re: debian dhcpd, old format string bug (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-11/0037.html http://marc.info/?l=bugtraq&m=109968710822449&w=2 CERT/CC vulnerability note: VU#448384 http://www.kb.cert.org/vuls/id/448384 Debian Security Information: DSA-584 (Google Search) http://www.debian.org/security/2004/dsa-584 http://www.redhat.com/support/errata/RHSA-2005-212.html XForce ISS Database: dhcp-log-format-string(17963) https://exchange.xforce.ibmcloud.com/vulnerabilities/17963 Common Vulnerability Exposure (CVE) ID: CVE-2005-0446 BugTraq ID: 12551 http://www.securityfocus.com/bid/12551 Bugtraq: 20050221 [USN-84-1] Squid vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110901183320453&w=2 Conectiva Linux advisory: CLA-2005:931 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 Debian Security Information: DSA-688 (Google Search) http://www.debian.org/security/2005/dsa-688 http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264 http://www.redhat.com/support/errata/RHSA-2005-173.html http://www.redhat.com/support/errata/RHSA-2005-201.html http://secunia.com/advisories/14271 XForce ISS Database: squid-xstrndup-dos(19332) https://exchange.xforce.ibmcloud.com/vulnerabilities/19332
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.