Test Kennung:	1.3.6.1.4.1.25623.1.0.61141
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2008:118 (net-snmp)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to net-snmp announced via advisory MDVSA-2008:118. A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet (CVE-2008-0960). A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent (CVE-2008-2292). The updated packages have been patched to prevent these issues. Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:118 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0960 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html BugTraq ID: 29623 http://www.securityfocus.com/bid/29623 Bugtraq: 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing (Google Search) http://www.securityfocus.com/archive/1/493218/100/0/threaded Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Cert/CC Advisory: TA08-162A http://www.us-cert.gov/cas/techalerts/TA08-162A.html CERT/CC vulnerability note: VU#878044 http://www.kb.cert.org/vuls/id/878044 Cisco Security Advisory: 20080610 SNMP Version 3 Authentication Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml Debian Security Information: DSA-1663 (Google Search) http://www.debian.org/security/2008/dsa-1663 https://www.exploit-db.com/exploits/5790 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html http://security.gentoo.org/glsa/glsa-200808-02.xml HPdes Security Advisory: HPSBMA02439 http://marc.info/?l=bugtraq&m=127730470825399&w=2 HPdes Security Advisory: SSRT080082 http://www.mandriva.com/security/advisories?name=MDVSA-2008:118 http://www.ocert.org/advisories/ocert-2008-006.html http://www.vmware.com/security/advisories/VMSA-2008-0017.html http://www.openwall.com/lists/oss-security/2008/06/09/1 http://lists.ingate.com/pipermail/productinfo/2008/000021.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414 RedHat Security Advisories: RHSA-2008:0528 http://rhn.redhat.com/errata/RHSA-2008-0528.html http://www.redhat.com/support/errata/RHSA-2008-0529.html http://www.securitytracker.com/id?1020218 http://secunia.com/advisories/30574 http://secunia.com/advisories/30596 http://secunia.com/advisories/30612 http://secunia.com/advisories/30615 http://secunia.com/advisories/30626 http://secunia.com/advisories/30647 http://secunia.com/advisories/30648 http://secunia.com/advisories/30665 http://secunia.com/advisories/30802 http://secunia.com/advisories/31334 http://secunia.com/advisories/31351 http://secunia.com/advisories/31467 http://secunia.com/advisories/31568 http://secunia.com/advisories/32664 http://secunia.com/advisories/33003 http://secunia.com/advisories/35463 http://securityreason.com/securityalert/3933 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1 SuSE Security Announcement: SUSE-SA:2008:039 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html http://www.ubuntu.com/usn/usn-685-1 http://www.vupen.com/english/advisories/2008/1787/references http://www.vupen.com/english/advisories/2008/1788/references http://www.vupen.com/english/advisories/2008/1797/references http://www.vupen.com/english/advisories/2008/1800/references http://www.vupen.com/english/advisories/2008/1801/references http://www.vupen.com/english/advisories/2008/1836/references http://www.vupen.com/english/advisories/2008/1981/references http://www.vupen.com/english/advisories/2008/2361 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2009/1612 Common Vulnerability Exposure (CVE) ID: CVE-2008-2292 BugTraq ID: 29212 http://www.securityfocus.com/bid/29212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261 http://www.securitytracker.com/id?1020527 http://secunia.com/advisories/30187 http://secunia.com/advisories/31155 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1 http://www.vupen.com/english/advisories/2008/1528/references http://www.vupen.com/english/advisories/2008/2141/references XForce ISS Database: netsnmp-snprintvalue-bo(42430) https://exchange.xforce.ibmcloud.com/vulnerabilities/42430
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.