ID de Prueba:	1.3.6.1.4.1.25623.1.0.56590
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:025 (net-snmp)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to net-snmp announced via advisory MDKSA-2006:025. The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740). A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177). The updated packages have been patched to correct these problems. Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:025 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1740 BugTraq ID: 13715 http://www.securityfocus.com/bid/13715 http://security.gentoo.org/glsa/glsa-200505-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:025 http://www.zataz.net/adviso/net-snmp-05182005.txt http://www.osvdb.org/16778 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11659 http://www.redhat.com/support/errata/RHSA-2005-373.html http://www.redhat.com/support/errata/RHSA-2005-395.html http://securitytracker.com/id?1014039 http://secunia.com/advisories/15471 http://secunia.com/advisories/16999 http://secunia.com/advisories/17135 http://secunia.com/advisories/18635 http://www.vupen.com/english/advisories/2005/0598 Common Vulnerability Exposure (CVE) ID: CVE-2005-2177 BugTraq ID: 14168 http://www.securityfocus.com/bid/14168 BugTraq ID: 21256 http://www.securityfocus.com/bid/21256 Bugtraq: 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (Google Search) http://www.securityfocus.com/archive/1/451419/100/200/threaded Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search) http://www.securityfocus.com/archive/1/451404/100/0/threaded Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search) http://www.securityfocus.com/archive/1/451417/100/200/threaded Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search) http://www.securityfocus.com/archive/1/451426/100/200/threaded Debian Security Information: DSA-873 (Google Search) http://www.debian.org/security/2005/dsa-873 http://www.net-snmp.org/about/ChangeLog.html http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9986 http://www.redhat.com/support/errata/RHSA-2005-720.html http://securitytracker.com/id?1017273 http://secunia.com/advisories/15930 http://secunia.com/advisories/17007 http://secunia.com/advisories/17217 http://secunia.com/advisories/17282 http://secunia.com/advisories/17343 http://secunia.com/advisories/22875 http://secunia.com/advisories/23058 http://secunia.com/advisories/25373 http://secunia.com/advisories/25432 http://secunia.com/advisories/25787 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102725-1 SuSE Security Announcement: SUSE-SR:2005:024 (Google Search) http://www.novell.com/linux/security/advisories/2005_24_sr.html SuSE Security Announcement: SUSE-SR:2007:012 (Google Search) http://www.novell.com/linux/security/advisories/2007_12_sr.html SuSE Security Announcement: SUSE-SR:2007:013 (Google Search) http://www.novell.com/linux/security/advisories/2007_13_sr.html http://www.trustix.org/errata/2005/0034/ http://www.ubuntu.com/usn/usn-190-1 http://www.vupen.com/english/advisories/2006/4502 http://www.vupen.com/english/advisories/2006/4677 http://www.vupen.com/english/advisories/2007/1883
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.