Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.53408
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 146-2 (dietlibc)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to dietlibc
announced via advisory DSA 146-2.

The upstream author of dietlibc, Felix von Leitner, discovered a
potential division by zero chance in the fwrite and calloc integer
overflow checks, which are fixed in the version below.

The new version includes fixes from DSA 146-1. For completness we
enclose the text of the other advisory:

An integer overflow bug has been discovered in the RPC library
used by dietlibc, a libc optimized for small size, which is
derived from the SunRPC library. This bug could be exploited to
gain unauthorized root access to software linking to this code.
The packages below also fix integer overflows in the calloc, fread
and fwrite code. They are also more strict regarding hostile DNS
packets that could lead to a vulnerability otherwise.

This problem has been fixed in version 0.12-2.4 for the current stable
distribution (woody) and in version 0.20-0cvs20020808 for the unstable
distribution (sid). Debian 2.2 (potato) is not affected since it
doesn't contain dietlibc packages.

We recommend that you upgrade your dietlibc packages immediately.


Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%20146-2

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 5356
Common Vulnerability Exposure (CVE) ID: CVE-2002-0391
AIX APAR: IY34194
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
http://www.securityfocus.com/bid/5356
Bugtraq: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC (Google Search)
http://marc.info/?l=bugtraq&m=102813809232532&w=2
Bugtraq: 20020801 RPC analysis (Google Search)
http://marc.info/?l=bugtraq&m=102821785316087&w=2
Bugtraq: 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin (Google Search)
http://marc.info/?l=bugtraq&m=102831443208382&w=2
Bugtraq: 20020802 kerberos rpc xdr_array (Google Search)
http://online.securityfocus.com/archive/1/285740
Bugtraq: 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Bugtraq: 20020909 GLSA: glibc (Google Search)
http://marc.info/?l=bugtraq&m=103158632831416&w=2
Caldera Security Advisory: CSSA-2002-055.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
http://www.cert.org/advisories/CA-2002-25.html
CERT/CC vulnerability note: VU#192995
http://www.kb.cert.org/vuls/id/192995
Conectiva Linux advisory: CLA-2002:515
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Conectiva Linux advisory: CLA-2002:535
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Debian Security Information: DSA-142 (Google Search)
http://www.debian.org/security/2002/dsa-142
Debian Security Information: DSA-143 (Google Search)
http://www.debian.org/security/2002/dsa-143
Debian Security Information: DSA-146 (Google Search)
http://www.debian.org/security/2002/dsa-146
Debian Security Information: DSA-149 (Google Search)
http://www.debian.org/security/2002/dsa-149
Debian Security Information: DSA-333 (Google Search)
http://www.debian.org/security/2003/dsa-333
En Garde Linux Advisory: ESA-20021003-021
http://www.linuxsecurity.com/advisories/other_advisory-2399.html
FreeBSD Security Advisory: FreeBSD-SA-02:34.rpc
http://marc.info/?l=bugtraq&m=102821928418261&w=2
HPdes Security Advisory: HPSBTL0208-061
http://online.securityfocus.com/advisories/4402
HPdes Security Advisory: HPSBUX0209-215
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
ISS Security Advisory: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
Microsoft Security Bulletin: MS02-057
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
NETBSD Security Advisory: NetBSD-SA2002-011
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
RedHat Security Advisories: RHSA-2002:166
http://rhn.redhat.com/errata/RHSA-2002-166.html
http://www.redhat.com/support/errata/RHSA-2002-167.html
RedHat Security Advisories: RHSA-2002:172
http://rhn.redhat.com/errata/RHSA-2002-172.html
http://www.redhat.com/support/errata/RHSA-2002-173.html
http://www.redhat.com/support/errata/RHSA-2003-168.html
http://www.redhat.com/support/errata/RHSA-2003-212.html
SGI Security Advisory: 20020801-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
SGI Security Advisory: 20020801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
SuSE Security Announcement: SuSE-SA:2002:031 (Google Search)
http://www.iss.net/security_center/static/9170.php
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.