Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:037 (avahi)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69063

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:037 (avahi)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to avahi
announced via advisory MDVSA-2011:037.

A vulnerability has been found and corrected in avahi:

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows
remote attackers to cause a denial of service (infinite loop) via
an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2010-2244
(CVE-2011-1002).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:037

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2244
1024200
http://www.securitytracker.com/id?1024200
DSA-2086
http://www.debian.org/security/2010/dsa-2086
FEDORA-2010-10581
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
FEDORA-2010-10584
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
MDVSA-2010:204
http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
[oss-security] 20100623 CVE Request: avahi DoS
http://www.openwall.com/lists/oss-security/2010/06/23/4
[oss-security] 20100625 Re: CVE Request: avahi DoS
http://marc.info/?l=oss-security&m=127748459505200&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=607293
Common Vulnerability Exposure (CVE) ID: CVE-2011-1002
43361
http://secunia.com/advisories/43361
43465
http://secunia.com/advisories/43465
43605
http://secunia.com/advisories/43605
43673
http://secunia.com/advisories/43673
44131
http://secunia.com/advisories/44131
46446
http://www.securityfocus.com/bid/46446
70948
http://osvdb.org/70948
ADV-2011-0448
http://www.vupen.com/english/advisories/2011/0448
ADV-2011-0499
http://www.vupen.com/english/advisories/2011/0499
ADV-2011-0511
http://www.vupen.com/english/advisories/2011/0511
ADV-2011-0565
http://www.vupen.com/english/advisories/2011/0565
ADV-2011-0601
http://www.vupen.com/english/advisories/2011/0601
ADV-2011-0670
http://www.vupen.com/english/advisories/2011/0670
ADV-2011-0969
http://www.vupen.com/english/advisories/2011/0969
DSA-2174
http://www.debian.org/security/2011/dsa-2174
FEDORA-2011-3033
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
MDVSA-2011:037
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
MDVSA-2011:040
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
RHSA-2011:0436
http://www.redhat.com/support/errata/RHSA-2011-0436.html
RHSA-2011:0779
http://www.redhat.com/support/errata/RHSA-2011-0779.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1084-1
http://ubuntu.com/usn/usn-1084-1
[oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP
http://openwall.com/lists/oss-security/2011/02/18/1
[oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP
http://openwall.com/lists/oss-security/2011/02/18/4
[oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP
http://www.openwall.com/lists/oss-security/2011/02/22/9
avahi-udp-dos(65524)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
avahi-udp-packet-dos(65525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
http://avahi.org/ticket/325
http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
https://bugzilla.redhat.com/show_bug.cgi?id=667187

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69063
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:037 (avahi)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to avahi announced via advisory MDVSA-2011:037. A vulnerability has been found and corrected in avahi: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244 (CVE-2011-1002). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:037 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 1024200 http://www.securitytracker.com/id?1024200 DSA-2086 http://www.debian.org/security/2010/dsa-2086 FEDORA-2010-10581 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html FEDORA-2010-10584 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html MDVSA-2010:204 http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 [oss-security] 20100623 CVE Request: avahi DoS http://www.openwall.com/lists/oss-security/2010/06/23/4 [oss-security] 20100625 Re: CVE Request: avahi DoS http://marc.info/?l=oss-security&m=127748459505200&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=607293 Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 43361 http://secunia.com/advisories/43361 43465 http://secunia.com/advisories/43465 43605 http://secunia.com/advisories/43605 43673 http://secunia.com/advisories/43673 44131 http://secunia.com/advisories/44131 46446 http://www.securityfocus.com/bid/46446 70948 http://osvdb.org/70948 ADV-2011-0448 http://www.vupen.com/english/advisories/2011/0448 ADV-2011-0499 http://www.vupen.com/english/advisories/2011/0499 ADV-2011-0511 http://www.vupen.com/english/advisories/2011/0511 ADV-2011-0565 http://www.vupen.com/english/advisories/2011/0565 ADV-2011-0601 http://www.vupen.com/english/advisories/2011/0601 ADV-2011-0670 http://www.vupen.com/english/advisories/2011/0670 ADV-2011-0969 http://www.vupen.com/english/advisories/2011/0969 DSA-2174 http://www.debian.org/security/2011/dsa-2174 FEDORA-2011-3033 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 MDVSA-2011:040 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 RHSA-2011:0436 http://www.redhat.com/support/errata/RHSA-2011-0436.html RHSA-2011:0779 http://www.redhat.com/support/errata/RHSA-2011-0779.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1084-1 http://ubuntu.com/usn/usn-1084-1 [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/1 [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/4 [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP http://www.openwall.com/lists/oss-security/2011/02/22/9 avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ https://bugzilla.redhat.com/show_bug.cgi?id=667187
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com