Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:009 (kvm)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63196

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:009 (kvm)

Resumen: The remote host is missing an update to kvm;announced via advisory MDVSA-2009:009.

Descripción: Summary:
The remote host is missing an update to kvm
announced via advisory MDVSA-2009:009.

Vulnerability Insight:
Security vulnerabilities have been discovered and corrected in
VNC server of kvm version 79 and earlier, which could lead to
denial-of-service attacks (CVE-2008-2382), and make it easier for
remote attackers to guess the VNC password (CVE-2008-5714).

The updated packages have been patched to prevent this.

Affected: 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2382
BugTraq ID: 32910
http://www.securityfocus.com/bid/32910
Bugtraq: 20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS (Google Search)
http://www.securityfocus.com/archive/1/499502/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
http://www.coresecurity.com/content/vnc-remote-dos
http://securitytracker.com/id?1021488
http://securitytracker.com/id?1021489
http://secunia.com/advisories/33293
http://secunia.com/advisories/33303
http://secunia.com/advisories/33350
http://secunia.com/advisories/33568
http://secunia.com/advisories/34642
http://secunia.com/advisories/35062
http://securityreason.com/securityalert/4803
SuSE Security Announcement: SUSE-SR:2009:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://www.ubuntu.com/usn/usn-776-1
http://www.vupen.com/english/advisories/2008/3488
http://www.vupen.com/english/advisories/2008/3489
XForce ISS Database: qemu-kvm-protocolclientmsg-dos(47561)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
Common Vulnerability Exposure (CVE) ID: CVE-2008-5714
BugTraq ID: 33020
http://www.securityfocus.com/bid/33020
http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
XForce ISS Database: qemu-monitor-weak-security(47683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47683

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63196
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:009 (kvm)
Resumen:	The remote host is missing an update to kvm;announced via advisory MDVSA-2009:009.
Descripción:	Summary: The remote host is missing an update to kvm announced via advisory MDVSA-2009:009. Vulnerability Insight: Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote attackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. Affected: 2009.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2382 BugTraq ID: 32910 http://www.securityfocus.com/bid/32910 Bugtraq: 20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS (Google Search) http://www.securityfocus.com/archive/1/499502/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html http://www.coresecurity.com/content/vnc-remote-dos http://securitytracker.com/id?1021488 http://securitytracker.com/id?1021489 http://secunia.com/advisories/33293 http://secunia.com/advisories/33303 http://secunia.com/advisories/33350 http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://securityreason.com/securityalert/4803 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://www.ubuntu.com/usn/usn-776-1 http://www.vupen.com/english/advisories/2008/3488 http://www.vupen.com/english/advisories/2008/3489 XForce ISS Database: qemu-kvm-protocolclientmsg-dos(47561) https://exchange.xforce.ibmcloud.com/vulnerabilities/47561 Common Vulnerability Exposure (CVE) ID: CVE-2008-5714 BugTraq ID: 33020 http://www.securityfocus.com/bid/33020 http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html XForce ISS Database: qemu-monitor-weak-security(47683) https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
Copyright	Copyright (C) 2009 E-Soft Inc.