Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

[DSA228] DSA-228-1 libmcrypt

Detailed Explanation for this Vulnerability Assessment

Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a decryption and encryption library, that originate from improper or lacking input validation. By passing input that is longer than expected to a number of functions (multiple functions are affected), the user can successfully make libmcrypt crash and may be able to insert arbitrary, malicious code which will be executed under the user libmcrypt runs as, e.g. inside a web server.

Another vulnerability exists in the way libmcrypt loads algorithms via libtool. When different algorithms are loaded dynamically, a small part of memory is leaked each time an algorithm is loaded. In a persistent environment (web server) this could lead to a memory exhaustion attack that will exhaust all available memory by launching repeated requests at an application utilizing the mcrypt library.

For the current stable distribution (woody) these problems have been fixed in version 2.5.0-1woody1.

The old stable distribution (potato) does not contain libmcrypt packages.

For the unstable distribution (sid) these problems have been fixed in version 2.5.5-1.

We recommend that you upgrade your libmcrypt packages.

Solution: http://www.debian.org/security/2003/dsa-228

Network Security Threat Level: High

Networks Security ID: 6510, 6512

Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi