Turbolinux Local Security Tests : Turbolinux TLSA-2003-44 (nfs-utils)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52951

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-44 (nfs-utils)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to nfs-utils
announced via advisory TLSA-2003-44.

The nfs-utils package provides a daemon for the kernel NFS server and related tools.
The logging code in nfs-utils contains an off-by-one buffer overrun
when adding a newline to the string being logged.

This vulnerability may allow an attacker to execute arbitrary code or
cause a denial of service condition by sending certain RPC requests.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-44

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: BugTraq ID: 8179
Common Vulnerability Exposure (CVE) ID: CVE-2003-0252
http://www.securityfocus.com/bid/8179
Bugtraq: 20030714 Linux nfs-utils xlog() off-by-one bug (Google Search)
http://marc.info/?l=bugtraq&m=105820223707191&w=2
Bugtraq: 20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b) (Google Search)
http://marc.info/?l=bugtraq&m=105830921519513&w=2
Bugtraq: 20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq (Google Search)
http://marc.info/?l=bugtraq&m=105839032403325&w=2
CERT/CC vulnerability note: VU#258564
http://www.kb.cert.org/vuls/id/258564
Debian Security Information: DSA-349 (Google Search)
http://www.debian.org/security/2003/dsa-349
http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443
http://www.redhat.com/support/errata/RHSA-2003-206.html
http://www.redhat.com/support/errata/RHSA-2003-207.html
SCO Security Bulletin: CSSA-2003-037.0
http://securitytracker.com/id?1007187
http://secunia.com/advisories/9259
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1
SuSE Security Announcement: SuSE-SA:2003:031 (Google Search)
http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
TurboLinux Advisory: TLSA-2003-44
http://www.turbolinux.com/security/TLSA-2003-44.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
XForce ISS Database: nfs-utils-offbyone-bo(12600)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12600

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52951
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-44 (nfs-utils)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to nfs-utils announced via advisory TLSA-2003-44. The nfs-utils package provides a daemon for the kernel NFS server and related tools. The logging code in nfs-utils contains an off-by-one buffer overrun when adding a newline to the string being logged. This vulnerability may allow an attacker to execute arbitrary code or cause a denial of service condition by sending certain RPC requests. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-44 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 8179 Common Vulnerability Exposure (CVE) ID: CVE-2003-0252 http://www.securityfocus.com/bid/8179 Bugtraq: 20030714 Linux nfs-utils xlog() off-by-one bug (Google Search) http://marc.info/?l=bugtraq&m=105820223707191&w=2 Bugtraq: 20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b) (Google Search) http://marc.info/?l=bugtraq&m=105830921519513&w=2 Bugtraq: 20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq (Google Search) http://marc.info/?l=bugtraq&m=105839032403325&w=2 CERT/CC vulnerability note: VU#258564 http://www.kb.cert.org/vuls/id/258564 Debian Security Information: DSA-349 (Google Search) http://www.debian.org/security/2003/dsa-349 http://www.mandriva.com/security/advisories?name=MDKSA-2003:076 http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443 http://www.redhat.com/support/errata/RHSA-2003-206.html http://www.redhat.com/support/errata/RHSA-2003-207.html SCO Security Bulletin: CSSA-2003-037.0 http://securitytracker.com/id?1007187 http://secunia.com/advisories/9259 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1 SuSE Security Announcement: SuSE-SA:2003:031 (Google Search) http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html TurboLinux Advisory: TLSA-2003-44 http://www.turbolinux.com/security/TLSA-2003-44.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html XForce ISS Database: nfs-utils-offbyone-bo(12600) https://exchange.xforce.ibmcloud.com/vulnerabilities/12600
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com