ID de Prueba:	1.3.6.1.4.1.25623.1.0.50645
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:008 (tcpdump)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to tcpdump announced via advisory MDKSA-2004:008. A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include: An infinite loop and memory consumption processing L2TP packets (CVE-2003-1029). Infinite loops in processing ISAKMP packets (CVE-2003-0989, CVE-2004-0057). A segmentation fault caused by a RADIUS attribute with a large length value (CVE-2004-0055). The updated packages are patched to correct these problem. Affected versions: 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0055 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0057 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1029 Bugtraq: 20031220 Remote crash in tcpdump from OpenBSD (Google Search) http://marc.info/?l=bugtraq&m=107193841728533&w=2 Bugtraq: 20031221 Re: Remote crash in tcpdump from OpenBSD (Google Search) http://marc.info/?l=bugtraq&m=107213553214985&w=2 Bugtraq: 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. (Google Search) http://www.securityfocus.com/archive/1/350238/30/21640/threaded Debian Security Information: DSA-425 (Google Search) http://www.debian.org/security/2004/dsa-425 En Garde Linux Advisory: ESA-20040119-002 http://lwn.net/Alerts/66805/ http://www.mandriva.com/security/advisories?name=MDKSA-2004:008 http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2 http://www.securitytracker.com/id?1008748 http://secunia.com/advisories/10636 http://secunia.com/advisories/10652 http://secunia.com/advisories/10668 http://secunia.com/advisories/10718 Common Vulnerability Exposure (CVE) ID: CVE-2003-0989 http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html BugTraq ID: 9507 http://www.securityfocus.com/bid/9507 Bugtraq: 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) (Google Search) http://marc.info/?l=bugtraq&m=107577418225627&w=2 Caldera Security Advisory: CSSA-2004-008.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt CERT/CC vulnerability note: VU#738518 http://www.kb.cert.org/vuls/id/738518 http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852 http://www.redhat.com/support/errata/RHSA-2004-007.html http://www.redhat.com/support/errata/RHSA-2004-008.html SCO Security Bulletin: SCOSA-2004.9 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt http://www.securitytracker.com/id?1008716 http://secunia.com/advisories/10637 http://secunia.com/advisories/10639 http://secunia.com/advisories/10644 http://secunia.com/advisories/11022 http://secunia.com/advisories/11032/ http://secunia.com/advisories/12179/ SGI Security Advisory: 20040103-01-U ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2004:002 (Google Search) http://lwn.net/Alerts/66445/ Common Vulnerability Exposure (CVE) ID: CVE-2004-0057 BugTraq ID: 9423 http://www.securityfocus.com/bid/9423 CERT/CC vulnerability note: VU#174086 http://www.kb.cert.org/vuls/id/174086 http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854 XForce ISS Database: tcpdump-rawprint-isakmp-dos(14837) https://exchange.xforce.ibmcloud.com/vulnerabilities/14837 Common Vulnerability Exposure (CVE) ID: CVE-2004-0055 BugTraq ID: 7090 http://www.securityfocus.com/bid/7090 CERT/CC vulnerability note: VU#955526 http://www.kb.cert.org/vuls/id/955526 Conectiva Linux advisory: CLSA-2003:832 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A850 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9989 http://www.securitytracker.com/id?1008735
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.