Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:483

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51515

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2002:483

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2002:483.

dhcp is a Dynamic Host Configuration Protocol Server and Client.

Versions ranging from 3 to 3.0.1rc8 (inclusive) have a format string
vulnerability[1] that could be exploited remotely. Considering the
usage of the DHCP service, this usually means the local area network
in this case.

By default, these versions of DHCP are compiled with the dns update
feature enabled. This feature allows the DHCP service to update dns
records. The code in DHCP that logs this update has a format string
vulnerability that could be exploited, since the update message
contains data provided by the attacker, such as a hostname. A
successful exploitation would give an attacker the same privileges
the DHCP daemon has, tipically root.

This vulnerability was discovered and researched by Fermín J. Serna
from Next Generation Security Technologies[2] and
published in coordination with CERT.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2002:483
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51515
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:483
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:483. dhcp is a Dynamic Host Configuration Protocol Server and Client. Versions ranging from 3 to 3.0.1rc8 (inclusive) have a format string vulnerability[1] that could be exploited remotely. Considering the usage of the DHCP service, this usually means the local area network in this case. By default, these versions of DHCP are compiled with the dns update feature enabled. This feature allows the DHCP service to update dns records. The code in DHCP that logs this update has a format string vulnerability that could be exploited, since the update message contains data provided by the attacker, such as a hostname. A successful exploitation would give an attacker the same privileges the DHCP daemon has, tipically root. This vulnerability was discovered and researched by Fermín J. Serna from Next Generation Security Technologies[2] and published in coordination with CERT. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2002:483 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com