ID de Prueba:	1.3.6.1.4.1.25623.1.0.60557
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:067 (nagios)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to nagios announced via advisory MDVSA-2008:067. A number of vulnerabities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update, including: A buffer overflow in the redir function in the check_http plugin allowed remote web servers to execute arbitrary code via long Location header responses (CVE-2007-5198). A buffer overflow in the check_snmp plugin allowed remote attackers to cause a denial of service via crafted snmpget replies (CVE-2007-5623). Cross-site scripting vulnerabilities in Nagios allowed remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts (CVE-2007-5624, CVE-2008-1360). The updated packages provide Nagios 3.0 and Nagios Plugins 1.4.11 which are not vulnerable to these issues, and provide a number of other enhancements and bug fixes. In addition, the packaging has been optimized to reduce the number of extra dependencies that would have to be installed as a result you may have to install extra plugins independantly that were once part of the full nagios-plugins package. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:067 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5198 25952 http://www.securityfocus.com/bid/25952 27124 http://secunia.com/advisories/27124 27362 http://secunia.com/advisories/27362 27609 http://secunia.com/advisories/27609 27965 http://secunia.com/advisories/27965 28930 http://secunia.com/advisories/28930 29862 http://secunia.com/advisories/29862 ADV-2007-3394 http://www.vupen.com/english/advisories/2007/3394 DSA-1495 http://www.debian.org/security/2008/dsa-1495 FEDORA-2008-3061 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00249.html FEDORA-2008-3098 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00282.html FEDORA-2008-3146 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00320.html GLSA-200711-11 http://security.gentoo.org/glsa/glsa-200711-11.xml MDVSA-2008:067 http://www.mandriva.com/security/advisories?name=MDVSA-2008:067 SUSE-SR:2007:025 http://www.novell.com/linux/security/advisories/2007_25_sr.html USN-532-1 http://www.ubuntu.com/usn/usn-532-1 http://bugs.gentoo.org/show_bug.cgi?id=194178 http://sourceforge.net/forum/forum.php?forum_id=740172 http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597 http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597 Common Vulnerability Exposure (CVE) ID: CVE-2007-5623 BugTraq ID: 26215 http://www.securityfocus.com/bid/26215 Debian Security Information: DSA-1495 (Google Search) https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00010.html http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880 http://secunia.com/advisories/27419 http://secunia.com/advisories/27496 SuSE Security Announcement: SUSE-SR:2007:025 (Google Search) SuSE Security Announcement: openSUSE-SU-2019:1702 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00011.html http://www.vupen.com/english/advisories/2007/3629 Common Vulnerability Exposure (CVE) ID: CVE-2007-5624 BugTraq ID: 26152 http://www.securityfocus.com/bid/26152 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html https://bugzilla.redhat.com/show_bug.cgi?id=362791 https://bugzilla.redhat.com/show_bug.cgi?id=362801 http://secunia.com/advisories/27316 http://secunia.com/advisories/27980 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://www.vupen.com/english/advisories/2007/3567 XForce ISS Database: nagios-cgi-xss(37350) https://exchange.xforce.ibmcloud.com/vulnerabilities/37350 Common Vulnerability Exposure (CVE) ID: CVE-2008-1360 BugTraq ID: 28250 http://www.securityfocus.com/bid/28250 http://secunia.com/advisories/29363 http://www.vupen.com/english/advisories/2008/0900/references XForce ISS Database: nagios-unspecified-xss(41210) https://exchange.xforce.ibmcloud.com/vulnerabilities/41210
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.