Test ID:	1.3.6.1.4.1.25623.1.0.53404
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-142)
Summary:	The remote host is missing an update for the Debian 'openafs' package(s) announced via the DSA-142 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openafs' package(s) announced via the DSA-142 advisory. Vulnerability Insight: An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server, which is derived from the SunRPC library. This bug could be exploited to crash certain OpenAFS servers (volserver, vlserver, ptserver, buserver) or to obtain unauthorized root access to a host running one of these processes. No exploits are known to exist yet. This problem has been fixed in version 1.2.3final2-6 for the current stable distribution (woody) and in version 1.2.6-1 for the unstable distribution (sid). Debian 2.2 (potato) is not affected since it doesn't contain OpenAFS packages. OpenAFS is only available for the architectures alpha, i386, powerpc, s390, sparc. Hence, we only provide fixed packages for these architectures. We recommend that you upgrade your openafs packages. Affected Software/OS: 'openafs' package(s) on Debian 3.0. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0391 AIX APAR: IY34194 http://archives.neohapsis.com/archives/aix/2002-q4/0002.html BugTraq ID: 5356 http://www.securityfocus.com/bid/5356 Bugtraq: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC (Google Search) http://marc.info/?l=bugtraq&m=102813809232532&w=2 Bugtraq: 20020801 RPC analysis (Google Search) http://marc.info/?l=bugtraq&m=102821785316087&w=2 Bugtraq: 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin (Google Search) http://marc.info/?l=bugtraq&m=102831443208382&w=2 Bugtraq: 20020802 kerberos rpc xdr_array (Google Search) http://online.securityfocus.com/archive/1/285740 Bugtraq: 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html Bugtraq: 20020909 GLSA: glibc (Google Search) http://marc.info/?l=bugtraq&m=103158632831416&w=2 Caldera Security Advisory: CSSA-2002-055.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt http://www.cert.org/advisories/CA-2002-25.html CERT/CC vulnerability note: VU#192995 http://www.kb.cert.org/vuls/id/192995 Conectiva Linux advisory: CLA-2002:515 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515 Conectiva Linux advisory: CLA-2002:535 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535 Debian Security Information: DSA-142 (Google Search) http://www.debian.org/security/2002/dsa-142 Debian Security Information: DSA-143 (Google Search) http://www.debian.org/security/2002/dsa-143 Debian Security Information: DSA-146 (Google Search) http://www.debian.org/security/2002/dsa-146 Debian Security Information: DSA-149 (Google Search) http://www.debian.org/security/2002/dsa-149 Debian Security Information: DSA-333 (Google Search) http://www.debian.org/security/2003/dsa-333 En Garde Linux Advisory: ESA-20021003-021 http://www.linuxsecurity.com/advisories/other_advisory-2399.html FreeBSD Security Advisory: FreeBSD-SA-02:34.rpc http://marc.info/?l=bugtraq&m=102821928418261&w=2 HPdes Security Advisory: HPSBTL0208-061 http://online.securityfocus.com/advisories/4402 HPdes Security Advisory: HPSBUX0209-215 http://archives.neohapsis.com/archives/hp/2002-q3/0077.html ISS Security Advisory: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057 Microsoft Security Bulletin: MS02-057 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057 NETBSD Security Advisory: NetBSD-SA2002-011 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9 RedHat Security Advisories: RHSA-2002:166 http://rhn.redhat.com/errata/RHSA-2002-166.html http://www.redhat.com/support/errata/RHSA-2002-167.html RedHat Security Advisories: RHSA-2002:172 http://rhn.redhat.com/errata/RHSA-2002-172.html http://www.redhat.com/support/errata/RHSA-2002-173.html http://www.redhat.com/support/errata/RHSA-2003-168.html http://www.redhat.com/support/errata/RHSA-2003-212.html SGI Security Advisory: 20020801-01-A ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A SGI Security Advisory: 20020801-01-P ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P SuSE Security Announcement: SuSE-SA:2002:031 (Google Search) http://www.iss.net/security_center/static/9170.php
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.