[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2012:129-1 -- Mandriva busybox

ID: oval:org.secpod.oval:def:302945Date: (C)2012-11-02   (M)2023-11-09
Class: PATCHFamily: unix




Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service , and possibly execute arbitrary code, via crafted data that leads to a buffer underflow . A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted . Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. Update: The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

Platform:
Mandriva Linux 2011.0
Product:
busybox
Reference:
MDVSA-2012:129-1
CVE-2006-1168
CVE-2011-2716
CVE    2
CVE-2011-2716
CVE-2006-1168
CPE    1
cpe:/o:mandriva:linux:2011.0

© SecPod Technologies