Mandrake Local Security Checks : Mandriva Update for dhcp MDVSA-2012:115 (dhcp)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831703

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for dhcp MDVSA-2012:115 (dhcp)

Resumen: The remote host is missing an update for the 'dhcp'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'dhcp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple vulnerabilities has been discovered and corrected in ISC DHCP:

An unexpected client identifier parameter can cause the ISC DHCP
daemon to segmentation fault when running in DHCPv6 mode, resulting
in a denial of service to further client requests. In order to exploit
this condition, an attacker must be able to send requests to the DHCP
server (CVE-2012-3570)

Two memory leaks have been found and fixed in ISC DHCP. Both are
reproducible when running in DHCPv6 mode (with the -6 command-line
argument.) The first leak is confirmed to only affect servers
operating in DHCPv6 mode, but based on initial code analysis the
second may theoretically affect DHCPv4 servers (though this has not
been demonstrated.) (CVE-2012-3954).

The updated packages have been upgraded to the latest version
(4.2.4-P1) which is not affected by these issues.

Affected Software/OS:
dhcp on Mandriva Linux 2011.0

Solution:
Please Install the Updated Packages.

CVSS Score:
6.1

CVSS Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3570
BugTraq ID: 54665
http://www.securityfocus.com/bid/54665
http://security.gentoo.org/glsa/glsa-201301-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:115
SuSE Security Announcement: openSUSE-SU-2012:1006 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3571
Debian Security Information: DSA-2516 (Google Search)
http://www.debian.org/security/2012/dsa-2516
Debian Security Information: DSA-2519 (Google Search)
http://www.debian.org/security/2012/dsa-2519
http://www.mandriva.com/security/advisories?name=MDVSA-2012:116
RedHat Security Advisories: RHSA-2012:1140
http://rhn.redhat.com/errata/RHSA-2012-1140.html
RedHat Security Advisories: RHSA-2012:1141
http://rhn.redhat.com/errata/RHSA-2012-1141.html
http://www.ubuntu.com/usn/USN-1519-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3954
http://www.securitytracker.com/id?1027300

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831703
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for dhcp MDVSA-2012:115 (dhcp)
Resumen:	The remote host is missing an update for the 'dhcp'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'dhcp' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been discovered and corrected in ISC DHCP: An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server (CVE-2012-3570) Two memory leaks have been found and fixed in ISC DHCP. Both are reproducible when running in DHCPv6 mode (with the -6 command-line argument.) The first leak is confirmed to only affect servers operating in DHCPv6 mode, but based on initial code analysis the second may theoretically affect DHCPv4 servers (though this has not been demonstrated.) (CVE-2012-3954). The updated packages have been upgraded to the latest version (4.2.4-P1) which is not affected by these issues. Affected Software/OS: dhcp on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 6.1 CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3570 BugTraq ID: 54665 http://www.securityfocus.com/bid/54665 http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 SuSE Security Announcement: openSUSE-SU-2012:1006 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2012-3571 Debian Security Information: DSA-2516 (Google Search) http://www.debian.org/security/2012/dsa-2516 Debian Security Information: DSA-2519 (Google Search) http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 RedHat Security Advisories: RHSA-2012:1140 http://rhn.redhat.com/errata/RHSA-2012-1140.html RedHat Security Advisories: RHSA-2012:1141 http://rhn.redhat.com/errata/RHSA-2012-1141.html http://www.ubuntu.com/usn/USN-1519-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3954 http://www.securitytracker.com/id?1027300
Copyright	Copyright (C) 2012 Greenbone AG