ID de Prueba:	1.3.6.1.4.1.25623.1.0.61137
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:113 (kernel)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kernel announced via advisory MDVSA-2008:113. A vulnerability was discovered and corrected in the Linux 2.6 kernel: The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules and (b) the gxsnmp package does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow (2) an oid length of zero, which can lead to an off-by-one error or (3) an indefinite length for a primitive encoding. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Affected: 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:113 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1673 1020210 http://www.securitytracker.com/id?1020210 20080611 rPSA-2008-0189-1 kernel xen http://www.securityfocus.com/archive/1/493300/100/0/threaded 29589 http://www.securityfocus.com/bid/29589 30000 http://secunia.com/advisories/30000 30580 http://secunia.com/advisories/30580 30644 http://secunia.com/advisories/30644 30658 http://secunia.com/advisories/30658 30982 http://secunia.com/advisories/30982 31107 http://secunia.com/advisories/31107 31836 http://secunia.com/advisories/31836 32103 http://secunia.com/advisories/32103 32104 http://secunia.com/advisories/32104 32370 http://secunia.com/advisories/32370 32759 http://secunia.com/advisories/32759 ADV-2008-1770 http://www.vupen.com/english/advisories/2008/1770 DSA-1592 http://www.debian.org/security/2008/dsa-1592 FEDORA-2008-5308 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html MDVSA-2008:113 http://www.mandriva.com/security/advisories?name=MDVSA-2008:113 MDVSA-2008:174 http://www.mandriva.com/security/advisories?name=MDVSA-2008:174 SUSE-SA:2008:035 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html SUSE-SA:2008:038 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html SUSE-SA:2008:047 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html SUSE-SA:2008:048 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html SUSE-SA:2008:049 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html SUSE-SA:2008:052 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html SUSE-SR:2008:025 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html USN-625-1 http://www.ubuntu.com/usn/usn-625-1 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5 http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189 https://bugzilla.redhat.com/show_bug.cgi?id=443962 linux-kernel-ber-decoder-bo(42921) https://exchange.xforce.ibmcloud.com/vulnerabilities/42921
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.