Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:235 (silc-toolkit)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64908

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:235 (silc-toolkit)

Resumen: The remote host is missing an update to silc-toolkit;announced via advisory MDVSA-2009:235.

Descripción: Summary:
The remote host is missing an update to silc-toolkit
announced via advisory MDVSA-2009:235.

Vulnerability Insight:
Multiple vulnerabilities was discovered and corrected in silc-toolkit:

Multiple format string vulnerabilities in lib/silcclient/client_entry.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and
SILC Client before 1.1.8, allow remote attackers to execute arbitrary
code via format string specifiers in a nickname field, related to the
(1) silc_client_add_client, (2) silc_client_update_client, and (3)
silc_client_nickname_format functions (CVE-2009-3051).

Multiple format string vulnerabilities in lib/silcclient/command.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10,
and SILC Client 1.1.8 and earlier, allow remote attackers to execute
arbitrary code via format string specifiers in a channel name, related
to (1) silc_client_command_topic, (2) silc_client_command_kick,
(3) silc_client_command_leave, and (4) silc_client_command_users
(CVE-2009-3163).

This update provides a solution to these vulnerabilities.

Affected: 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3051
BugTraq ID: 35940
http://www.securityfocus.com/bid/35940
Debian Security Information: DSA-1879 (Google Search)
http://www.debian.org/security/2009/dsa-1879
http://www.mandriva.com/security/advisories?name=MDVSA-2009:234
http://www.mandriva.com/security/advisories?name=MDVSA-2009:235
http://www.openwall.com/lists/oss-security/2009/08/31/5
http://www.openwall.com/lists/oss-security/2009/09/03/5
http://secunia.com/advisories/36134
http://secunia.com/advisories/36614
SuSE Security Announcement: SUSE-SR:2009:016 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://www.vupen.com/english/advisories/2009/2150
Common Vulnerability Exposure (CVE) ID: CVE-2009-3163
BugTraq ID: 36193
http://www.securityfocus.com/bid/36193

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64908
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:235 (silc-toolkit)
Resumen:	The remote host is missing an update to silc-toolkit;announced via advisory MDVSA-2009:235.
Descripción:	Summary: The remote host is missing an update to silc-toolkit announced via advisory MDVSA-2009:235. Vulnerability Insight: Multiple vulnerabilities was discovered and corrected in silc-toolkit: Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions (CVE-2009-3051). Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users (CVE-2009-3163). This update provides a solution to these vulnerabilities. Affected: 2009.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3051 BugTraq ID: 35940 http://www.securityfocus.com/bid/35940 Debian Security Information: DSA-1879 (Google Search) http://www.debian.org/security/2009/dsa-1879 http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 http://www.mandriva.com/security/advisories?name=MDVSA-2009:235 http://www.openwall.com/lists/oss-security/2009/08/31/5 http://www.openwall.com/lists/oss-security/2009/09/03/5 http://secunia.com/advisories/36134 http://secunia.com/advisories/36614 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://www.vupen.com/english/advisories/2009/2150 Common Vulnerability Exposure (CVE) ID: CVE-2009-3163 BugTraq ID: 36193 http://www.securityfocus.com/bid/36193
Copyright	Copyright (C) 2009 E-Soft Inc.