English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61502
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-627-1 (dnsmasq)
Summary:Ubuntu USN-627-1 (dnsmasq)
Description:
The remote host is missing an update to dnsmasq
announced via advisory USN-627-1.

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Dan Kaminsky discovered weaknesses in the DNS protocol as implemented
by Dnsmasq. A remote attacker could exploit this to spoof DNS entries
and poison DNS caches. Among other things, this could lead to
misdirected email and web traffic.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
dnsmasq-base 2.41-2ubuntu2.1

After a standard system upgrade you need to restart Dnsmasq to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-627-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1447
Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search)
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
Bugtraq: 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/495289/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://www.milw0rm.com/exploits/6122
http://www.milw0rm.com/exploits/6123
http://www.milw0rm.com/exploits/6130
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.doxpara.com/?p=1176
http://www.doxpara.com/DMK_BO2K8.ppt
http://www.nominum.com/asset_upload_file741_2661.pdf
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
AIX APAR: IZ26667
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
AIX APAR: IZ26668
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
AIX APAR: IZ26669
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
AIX APAR: IZ26670
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
AIX APAR: IZ26671
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
AIX APAR: IZ26672
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Cisco Security Advisory: 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
Cisco Security Advisory: 20080708 Multiple Cisco Product Vulnerable to DNS Cache Poisoning Attacks
Debian Security Information: DSA-1603 (Google Search)
http://www.debian.org/security/2008/dsa-1603
Debian Security Information: DSA-1604 (Google Search)
http://www.debian.org/security/2008/dsa-1604
Debian Security Information: DSA-1605 (Google Search)
http://www.debian.org/security/2008/dsa-1605
Debian Security Information: DSA-1619 (Google Search)
http://www.debian.org/security/2008/dsa-1619
Debian Security Information: DSA-1623 (Google Search)
http://www.debian.org/security/2008/dsa-1623
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
FreeBSD Security Advisory: FreeBSD-SA-08:06
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
http://security.gentoo.org/glsa/glsa-200807-08.xml
http://security.gentoo.org/glsa/glsa-200812-17.xml
HPdes Security Advisory: HPSBUX02351
http://marc.info/?l=bugtraq&m=121630706004256&w=2
HPdes Security Advisory: SSRT080058
HPdes Security Advisory: HPSBOV02357
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
HPdes Security Advisory: HPSBTU02358
http://marc.info/?l=bugtraq&m=121866517322103&w=2
HPdes Security Advisory: HPSBMP02404
http://marc.info/?l=bugtraq&m=123324863916385&w=2
HPdes Security Advisory: SSRT090014
HPdes Security Advisory: HPSBNS02405
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
HPdes Security Advisory: SSRT071449
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
Microsoft Security Bulletin: MS08-037
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
NETBSD Security Advisory: NetBSD-SA2008-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
OpenBSD Security Advisory: [4.2] 013: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata42.html#013_bind
OpenBSD Security Advisory: [4.3] 004: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata43.html#004_bind
RedHat Security Advisories: RHSA-2008:0533
http://rhn.redhat.com/errata/RHSA-2008-0533.html
http://www.redhat.com/support/errata/RHSA-2008-0789.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
SuSE Security Announcement: SUSE-SA:2008:033 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-622-1
http://www.ubuntu.com/usn/usn-627-1
Cert/CC Advisory: TA08-190B
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
Cert/CC Advisory: TA08-190A
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Cert/CC Advisory: TA08-260A
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
CERT/CC vulnerability note: VU#800113
http://www.kb.cert.org/vuls/id/800113
BugTraq ID: 30131
http://www.securityfocus.com/bid/30131
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5725
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5761
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5917
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9627
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12117
http://www.vupen.com/english/advisories/2008/2019/references
http://www.vupen.com/english/advisories/2008/2023/references
http://www.vupen.com/english/advisories/2008/2025/references
http://www.vupen.com/english/advisories/2008/2029/references
http://www.vupen.com/english/advisories/2008/2030/references
http://www.vupen.com/english/advisories/2008/2113/references
http://www.vupen.com/english/advisories/2008/2114/references
http://www.vupen.com/english/advisories/2008/2123/references
http://www.vupen.com/english/advisories/2008/2139/references
http://www.vupen.com/english/advisories/2008/2166/references
http://www.vupen.com/english/advisories/2008/2195/references
http://www.vupen.com/english/advisories/2008/2196/references
http://www.vupen.com/english/advisories/2008/2197/references
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2291
http://www.vupen.com/english/advisories/2008/2342
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2467
http://www.vupen.com/english/advisories/2008/2558
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2582
http://www.vupen.com/english/advisories/2008/2549
http://www.vupen.com/english/advisories/2008/2050/references
http://www.vupen.com/english/advisories/2008/2051/references
http://www.vupen.com/english/advisories/2008/2052/references
http://www.vupen.com/english/advisories/2008/2055/references
http://www.vupen.com/english/advisories/2008/2092/references
http://www.vupen.com/english/advisories/2008/2384
http://www.vupen.com/english/advisories/2008/2482
http://www.vupen.com/english/advisories/2008/2334
http://www.vupen.com/english/advisories/2008/2377
http://www.vupen.com/english/advisories/2008/2383
http://www.vupen.com/english/advisories/2009/0297
http://www.vupen.com/english/advisories/2009/0311
http://www.securitytracker.com/id?1020438
http://www.securitytracker.com/id?1020440
http://www.securitytracker.com/id?1020437
http://www.securitytracker.com/id?1020558
http://www.securitytracker.com/id?1020560
http://www.securitytracker.com/id?1020561
http://www.securitytracker.com/id?1020575
http://www.securitytracker.com/id?1020576
http://www.securitytracker.com/id?1020577
http://www.securitytracker.com/id?1020578
http://www.securitytracker.com/id?1020579
http://www.securitytracker.com/id?1020802
http://www.securitytracker.com/id?1020651
http://www.securitytracker.com/id?1020653
http://www.securitytracker.com/id?1020448
http://www.securitytracker.com/id?1020449
http://www.securitytracker.com/id?1020548
http://www.securitytracker.com/id?1020702
http://www.securitytracker.com/id?1020804
http://secunia.com/advisories/31019
http://secunia.com/advisories/30925
http://secunia.com/advisories/30973
http://secunia.com/advisories/30977
http://secunia.com/advisories/30979
http://secunia.com/advisories/30980
http://secunia.com/advisories/30988
http://secunia.com/advisories/30989
http://secunia.com/advisories/30998
http://secunia.com/advisories/31011
http://secunia.com/advisories/31014
http://secunia.com/advisories/31031
http://secunia.com/advisories/31052
http://secunia.com/advisories/31033
http://secunia.com/advisories/31094
http://secunia.com/advisories/31072
http://secunia.com/advisories/31093
http://secunia.com/advisories/31143
http://secunia.com/advisories/31137
http://secunia.com/advisories/31151
http://secunia.com/advisories/31152
http://secunia.com/advisories/31153
http://secunia.com/advisories/31169
http://secunia.com/advisories/31209
http://secunia.com/advisories/31212
http://secunia.com/advisories/31199
http://secunia.com/advisories/31197
http://secunia.com/advisories/31213
http://secunia.com/advisories/31221
http://secunia.com/advisories/31207
http://secunia.com/advisories/31236
http://secunia.com/advisories/31254
http://secunia.com/advisories/31204
http://secunia.com/advisories/31326
http://secunia.com/advisories/31237
http://secunia.com/advisories/31354
http://secunia.com/advisories/31451
http://secunia.com/advisories/31588
http://secunia.com/advisories/31687
http://secunia.com/advisories/31900
http://secunia.com/advisories/31882
http://secunia.com/advisories/31823
http://secunia.com/advisories/31422
http://secunia.com/advisories/31012
http://secunia.com/advisories/31022
http://secunia.com/advisories/31030
http://secunia.com/advisories/31065
http://secunia.com/advisories/33178
http://secunia.com/advisories/31430
http://secunia.com/advisories/31482
http://secunia.com/advisories/31495
http://secunia.com/advisories/33714
http://secunia.com/advisories/33786
http://www.vupen.com/english/advisories/2010/0622
XForce ISS Database: win-dns-client-server-spoofing(43334)
http://xforce.iss.net/xforce/xfdb/43334
XForce ISS Database: cisco-multiple-dns-cache-poisoning(43637)
http://xforce.iss.net/xforce/xfdb/43637
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.