Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:209 (libsmi)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68342

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:209 (libsmi)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to libsmi
announced via advisory MDVSA-2010:209.

A buffer overflow was discovered in libsmi when long OID was given
in numerical form. This could lead to arbitraty code execution
(CVE-2010-2891).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:209
http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2891
BugTraq ID: 44276
http://www.securityfocus.com/bid/44276
Bugtraq: 20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form (Google Search)
http://www.securityfocus.com/archive/1/514382/100/0/threaded
Debian Security Information: DSA-2145 (Google Search)
http://www.debian.org/security/2011/dsa-2145
http://www.exploit-db.com/exploits/15293
http://www.mandriva.com/security/advisories?name=MDVSA-2010:209
http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow
http://secunia.com/advisories/41841
http://secunia.com/advisories/42877
http://secunia.com/advisories/42902
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2010/2764
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0111
http://www.vupen.com/english/advisories/2011/0212
XForce ISS Database: libsmi-smigetnode-bo(62686)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62686

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68342
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:209 (libsmi)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libsmi announced via advisory MDVSA-2010:209. A buffer overflow was discovered in libsmi when long OID was given in numerical form. This could lead to arbitraty code execution (CVE-2010-2891). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:209 http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2891 BugTraq ID: 44276 http://www.securityfocus.com/bid/44276 Bugtraq: 20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form (Google Search) http://www.securityfocus.com/archive/1/514382/100/0/threaded Debian Security Information: DSA-2145 (Google Search) http://www.debian.org/security/2011/dsa-2145 http://www.exploit-db.com/exploits/15293 http://www.mandriva.com/security/advisories?name=MDVSA-2010:209 http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow http://secunia.com/advisories/41841 http://secunia.com/advisories/42877 http://secunia.com/advisories/42902 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2010/2764 http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0111 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: libsmi-smigetnode-bo(62686) https://exchange.xforce.ibmcloud.com/vulnerabilities/62686
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com