ID de Prueba:	1.3.6.1.4.1.25623.1.0.881281
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for dhclient CESA-2011:0428 centos4 x86_64
Resumen:	The remote host is missing an update for the 'dhclient'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'dhclient' package(s) announced via the referenced advisory. Vulnerability Insight: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. All dhclient users should upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: dhclient on CentOS 4 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0997 BugTraq ID: 47176 http://www.securityfocus.com/bid/47176 CERT/CC vulnerability note: VU#107886 http://www.kb.cert.org/vuls/id/107886 Debian Security Information: DSA-2216 (Google Search) http://www.debian.org/security/2011/dsa-2216 Debian Security Information: DSA-2217 (Google Search) http://www.debian.org/security/2011/dsa-2217 https://www.exploit-db.com/exploits/37623/ http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html http://security.gentoo.org/glsa/glsa-201301-06.xml HPdes Security Advisory: HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 HPdes Security Advisory: SSRT100802 http://www.mandriva.com/security/advisories?name=MDVSA-2011:073 http://www.osvdb.org/71493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812 http://www.redhat.com/support/errata/RHSA-2011-0428.html http://www.redhat.com/support/errata/RHSA-2011-0840.html http://securitytracker.com/id?1025300 http://secunia.com/advisories/44037 http://secunia.com/advisories/44048 http://secunia.com/advisories/44089 http://secunia.com/advisories/44090 http://secunia.com/advisories/44103 http://secunia.com/advisories/44127 http://secunia.com/advisories/44180 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345 http://www.ubuntu.com/usn/USN-1108-1 http://www.vupen.com/english/advisories/2011/0879 http://www.vupen.com/english/advisories/2011/0886 http://www.vupen.com/english/advisories/2011/0909 http://www.vupen.com/english/advisories/2011/0915 http://www.vupen.com/english/advisories/2011/0926 http://www.vupen.com/english/advisories/2011/0965 http://www.vupen.com/english/advisories/2011/1000 XForce ISS Database: iscdhcp-dhclient-command-execution(66580) https://exchange.xforce.ibmcloud.com/vulnerabilities/66580
Copyright	Copyright (c) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.