 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.880609 |
| Kategorie: | CentOS Local Security Checks |
| Titel: | CentOS Update for NetworkManager CESA-2010:0616 centos5 i386 |
| Zusammenfassung: | The remote host is missing an update for the 'NetworkManager'; package(s) announced via the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'NetworkManager' package(s) announced via the referenced advisory. Vulnerability Insight: dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was discovered that dbus-glib did not enforce the 'access' flag on exported GObject properties. If such a property were read/write internally but specified as read-only externally, a malicious, local user could use this flaw to modify that property of an application. Such a change could impact the application's behavior (for example, if an IP address were changed the network may not come up properly after reboot) and possibly lead to a denial of service. (CVE-2010-1172) Due to the way dbus-glib translates an application's XML definitions of service interfaces and properties into C code at application build time, applications built against dbus-glib that use read-only properties needed to be rebuilt to fully fix the flaw. As such, this update provides NetworkManager packages that have been rebuilt against the updated dbus-glib packages. No other applications shipped with Red Hat Enterprise Linux 5 were affected. All dbus-glib and NetworkManager users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted (service NetworkManager restart) for this update to take effect. Affected Software/OS: NetworkManager on CentOS 5 Solution: Please install the updated packages. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1172 40908 http://secunia.com/advisories/40908 40925 http://secunia.com/advisories/40925 42347 http://www.securityfocus.com/bid/42347 42397 http://secunia.com/advisories/42397 ADV-2010-2063 http://www.vupen.com/english/advisories/2010/2063 ADV-2010-3097 http://www.vupen.com/english/advisories/2010/3097 RHSA-2010:0616 http://www.redhat.com/support/errata/RHSA-2010-0616.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SUSE-SR:2010:020 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html SUSE-SR:2010:022 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html glib-property-security-bypass(61041) https://exchange.xforce.ibmcloud.com/vulnerabilities/61041 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://support.avaya.com/css/P8/documents/100113103 https://bugzilla.redhat.com/show_bug.cgi?id=585394 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |