Test Kennung:	1.3.6.1.4.1.25623.1.0.120538
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2015-513)
Zusammenfassung:	The remote host is missing an update announced via the referenced Security Advisory.
Beschreibung:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781 )It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423 ) Solution: Run yum update glibc to update your system. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1781 BugTraq ID: 74255 http://www.securityfocus.com/bid/74255 Debian Security Information: DSA-3480 (Google Search) http://www.debian.org/security/2016/dsa-3480 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html https://security.gentoo.org/glsa/201602-02 https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html RedHat Security Advisories: RHSA-2015:0863 https://rhn.redhat.com/errata/RHSA-2015-0863.html http://www.securitytracker.com/id/1032178 SuSE Security Announcement: SUSE-SU-2015:1424 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 Common Vulnerability Exposure (CVE) ID: CVE-2013-7423 BugTraq ID: 72844 http://www.securityfocus.com/bid/72844 http://seclists.org/fulldisclosure/2021/Sep/0 http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://www.openwall.com/lists/oss-security/2015/01/28/20 http://rhn.redhat.com/errata/RHSA-2015-0863.html RedHat Security Advisories: RHSA-2016:1207 https://access.redhat.com/errata/RHSA-2016:1207 SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://www.ubuntu.com/usn/USN-2519-1
Copyright	Copyright (C) 2015 Eero Volotinen

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.