Test Kennung:	1.3.6.1.4.1.25623.1.0.58610
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2007:0913
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2007:0913. The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package. Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise Linux 4 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999) Users of nfs-utils-lib are advised to upgrade to this updated package, which contains a backported patch that resolves this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0913.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3999 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 25534 http://www.securityfocus.com/bid/25534 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/478748/100/0/threaded Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/479251/100/0/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html CERT/CC vulnerability note: VU#883632 http://www.kb.cert.org/vuls/id/883632 Debian Security Information: DSA-1367 (Google Search) http://www.debian.org/security/2007/dsa-1367 Debian Security Information: DSA-1368 (Google Search) http://www.debian.org/security/2007/dsa-1368 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://security.gentoo.org/glsa/glsa-200710-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 http://www.mandriva.com/security/advisories?name=MDKSA-2007:181 http://www.zerodayinitiative.com/advisories/ZDI-07-052.html https://bugzilla.redhat.com/show_bug.cgi?id=250973 http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379 http://www.redhat.com/support/errata/RHSA-2007-0858.html http://www.redhat.com/support/errata/RHSA-2007-0913.html http://www.redhat.com/support/errata/RHSA-2007-0951.html http://www.securitytracker.com/id?1018647 http://secunia.com/advisories/26676 http://secunia.com/advisories/26680 http://secunia.com/advisories/26684 http://secunia.com/advisories/26691 http://secunia.com/advisories/26697 http://secunia.com/advisories/26699 http://secunia.com/advisories/26700 http://secunia.com/advisories/26705 http://secunia.com/advisories/26713 http://secunia.com/advisories/26728 http://secunia.com/advisories/26783 http://secunia.com/advisories/26792 http://secunia.com/advisories/26822 http://secunia.com/advisories/26896 http://secunia.com/advisories/26987 http://secunia.com/advisories/27043 http://secunia.com/advisories/27081 http://secunia.com/advisories/27146 http://secunia.com/advisories/27643 http://secunia.com/advisories/27756 http://secunia.com/advisories/29247 http://secunia.com/advisories/29270 http://securityreason.com/securityalert/3092 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1 SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html SuSE Security Announcement: SUSE-SR:2007:024 (Google Search) http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-511-1 http://www.vupen.com/english/advisories/2007/3051 http://www.vupen.com/english/advisories/2007/3052 http://www.vupen.com/english/advisories/2007/3060 http://www.vupen.com/english/advisories/2007/3868 http://www.vupen.com/english/advisories/2008/0803/references XForce ISS Database: kerberos-rpcsecgss-bo(36437) https://exchange.xforce.ibmcloud.com/vulnerabilities/36437
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.