Test ID:	1.3.6.1.4.1.25623.1.0.53408
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 146-2 (dietlibc)
Summary:	The remote host is missing an update to dietlibc;announced via advisory DSA 146-2.
Description:	Summary: The remote host is missing an update to dietlibc announced via advisory DSA 146-2. Vulnerability Insight: The upstream author of dietlibc, Felix von Leitner, discovered a potential division by zero chance in the fwrite and calloc integer overflow checks, which are fixed in the version below. The new version includes fixes from DSA 146-1. For completeness we enclose the text of the other advisory: An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the calloc, fread and fwrite code. They are also more strict regarding hostile DNS packets that could lead to a vulnerability otherwise. This problem has been fixed in version 0.12-2.4 for the current stable distribution (woody) and in version 0.20-0cvs20020808 for the unstable distribution (sid). Debian 2.2 (potato) is not affected since it doesn't contain dietlibc packages. Solution: We recommend that you upgrade your dietlibc packages immediately. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0391 AIX APAR: IY34194 http://archives.neohapsis.com/archives/aix/2002-q4/0002.html BugTraq ID: 5356 http://www.securityfocus.com/bid/5356 Bugtraq: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC (Google Search) http://marc.info/?l=bugtraq&m=102813809232532&w=2 Bugtraq: 20020801 RPC analysis (Google Search) http://marc.info/?l=bugtraq&m=102821785316087&w=2 Bugtraq: 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin (Google Search) http://marc.info/?l=bugtraq&m=102831443208382&w=2 Bugtraq: 20020802 kerberos rpc xdr_array (Google Search) http://online.securityfocus.com/archive/1/285740 Bugtraq: 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html Bugtraq: 20020909 GLSA: glibc (Google Search) http://marc.info/?l=bugtraq&m=103158632831416&w=2 Caldera Security Advisory: CSSA-2002-055.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt http://www.cert.org/advisories/CA-2002-25.html CERT/CC vulnerability note: VU#192995 http://www.kb.cert.org/vuls/id/192995 Conectiva Linux advisory: CLA-2002:515 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515 Conectiva Linux advisory: CLA-2002:535 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535 Debian Security Information: DSA-142 (Google Search) http://www.debian.org/security/2002/dsa-142 Debian Security Information: DSA-143 (Google Search) http://www.debian.org/security/2002/dsa-143 Debian Security Information: DSA-146 (Google Search) http://www.debian.org/security/2002/dsa-146 Debian Security Information: DSA-149 (Google Search) http://www.debian.org/security/2002/dsa-149 Debian Security Information: DSA-333 (Google Search) http://www.debian.org/security/2003/dsa-333 En Garde Linux Advisory: ESA-20021003-021 http://www.linuxsecurity.com/advisories/other_advisory-2399.html FreeBSD Security Advisory: FreeBSD-SA-02:34.rpc http://marc.info/?l=bugtraq&m=102821928418261&w=2 HPdes Security Advisory: HPSBTL0208-061 http://online.securityfocus.com/advisories/4402 HPdes Security Advisory: HPSBUX0209-215 http://archives.neohapsis.com/archives/hp/2002-q3/0077.html ISS Security Advisory: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057 Microsoft Security Bulletin: MS02-057 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057 NETBSD Security Advisory: NetBSD-SA2002-011 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9 RedHat Security Advisories: RHSA-2002:166 http://rhn.redhat.com/errata/RHSA-2002-166.html http://www.redhat.com/support/errata/RHSA-2002-167.html RedHat Security Advisories: RHSA-2002:172 http://rhn.redhat.com/errata/RHSA-2002-172.html http://www.redhat.com/support/errata/RHSA-2002-173.html http://www.redhat.com/support/errata/RHSA-2003-168.html http://www.redhat.com/support/errata/RHSA-2003-212.html SGI Security Advisory: 20020801-01-A ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A SGI Security Advisory: 20020801-01-P ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P SuSE Security Announcement: SuSE-SA:2002:031 (Google Search) http://www.iss.net/security_center/static/9170.php
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.