Tagged: network

  • vulnerability management 3:15 pm on December 3, 2010
    Tags: dhcpv6, network

    Dynamic Host Configuration Protocol (DHCP): Moderate Security Update 

    Users of Dynamic Host Configuration Protocol (DHCP), please be advised that a Moderate Security Update has been identified.
    To view this vulnerability, possible remedies, and others, please check the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

    RHSA-2010:0923-01: [RHSA-2010:0923-01] Moderate: dhcp security update
    Product: Red Hat Enterprise Linux
    Synopsis: Moderate: dhcp security update
    Description:

    The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks.

    A NULL pointer dereference flaw was discovered in the way the dhcpd daemon parsed DHCPv6 packets. A remote attacker could use this flaw to crash dhcpd via a specially-crafted DHCPv6 packet, if dhcpd was running as a DHCPv6 server. (CVE-2010-3611)

    Users running dhcpd as a DHCPv6 server should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all DHCP servers will be restarted automatically.





    Read more at http://www.criticalwatch.com

     

     
  • vulnerability management 3:09 pm on December 3, 2010
    Tags: network

    Wireshark: Moderate Security Update 

    Users of Wireshark, please be advised that a Moderate security update has been identified.
    To view this vulnerability, possible remedies, and others, please check the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

    RHSA-2010:0924-01: [RHSA-2010:0924-01] Moderate: wireshark security update
    Product: Red Hat Enterprise Linux
    Description:

    Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

    A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4300)

    A denial of service flaw was found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445)

    Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.13, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

    Read more at http://www.criticalwatch.com

     

     
  • vulnerability management 3:02 pm on December 3, 2010
    Tags: network

    Wireshark: Moderate security update 

    RHSA-2010:0924-01: [RHSA-2010:0924-01] Moderate: wireshark security update
    Product: Red Hat Enterprise Linux
    Description:

    Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

    A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4300)

    A denial of service flaw was found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445)

    Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.13, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

    Read more at http://www.criticalwatch.com

     

     
  • vulnerability management 8:30 pm on October 2, 2010
    Tags: network

    Avahi: denial-of-service vulnerabilities 

    Users of Avahi, please be advised that denial-of-service vulnerabilities have been identified.
    To view these vulnerabilities, possible remedies, and others, please check the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

    USN-992-1: [USN-992-1] Avahi denial-of-service vulnerabilities
    Details follow:

    It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. (CVE-2009-0758)

    It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service. (CVE-2010-2244)

    Read more at http://www.criticalwatch.com

     

     