Test Kennung:	1.3.6.1.4.1.25623.1.0.880557
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for avahi CESA-2011:0436 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'avahi'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'avahi' package(s) announced via the referenced advisory. Vulnerability Insight: Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, avahi-daemon will be restarted automatically. Affected Software/OS: avahi on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 BugTraq ID: 46446 http://www.securityfocus.com/bid/46446 Debian Security Information: DSA-2174 (Google Search) http://www.debian.org/security/2011/dsa-2174 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ http://openwall.com/lists/oss-security/2011/02/18/1 http://openwall.com/lists/oss-security/2011/02/18/4 http://www.openwall.com/lists/oss-security/2011/02/22/9 http://osvdb.org/70948 http://www.redhat.com/support/errata/RHSA-2011-0436.html http://www.redhat.com/support/errata/RHSA-2011-0779.html http://secunia.com/advisories/43361 http://secunia.com/advisories/43465 http://secunia.com/advisories/43605 http://secunia.com/advisories/43673 http://secunia.com/advisories/44131 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://ubuntu.com/usn/usn-1084-1 http://www.vupen.com/english/advisories/2011/0448 http://www.vupen.com/english/advisories/2011/0499 http://www.vupen.com/english/advisories/2011/0511 http://www.vupen.com/english/advisories/2011/0565 http://www.vupen.com/english/advisories/2011/0601 http://www.vupen.com/english/advisories/2011/0670 http://www.vupen.com/english/advisories/2011/0969 XForce ISS Database: avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 XForce ISS Database: avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 Debian Security Information: DSA-2086 (Google Search) http://www.debian.org/security/2010/dsa-2086 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 http://www.openwall.com/lists/oss-security/2010/06/23/4 http://marc.info/?l=oss-security&m=127748459505200&w=2 http://www.securitytracker.com/id?1024200
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.