|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2003:0010: libmcrypt Vulnerability Assessment Details
|
SUSE-SA:2003:0010: libmcrypt |
||
Check for the version of the libmcrypt package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory SUSE-SA:2003:0010 (libmcrypt). Libmcrypt is a data encryption library that is able to load crypto- modules at run-time by using libltdl. Versions of libmcrypt prior to 2.5.5 include several buffer overflows that can be triggered by passing very long input to the mcrypt_* functions. The way libmcrypt handles dynamic crypto-modules via libltdl leads to memory-leaks that can cause a Denial-of-Service condition. This Problem can just be solved by linking modules static. This security update does not solve the memory-leak problem to avoid compatibility problems. Future releases of libmcrypt will be linked statically. To add the new library to the shared library cache you have to run ldconfig(8) as root. Additionally every program that is linked with libmcrypt needs to be restarted. ldd(1) can be used to find out which libraries are used by a program. Another way to acertain which process uses a shared library that had been deleted is: lsof -n 2>/dev/null | grep RPMDELETE | cut -d ' ' -f 1 | sort | uniq There is no temporary fix known. Please install the new packages from our FTP servers. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update. Solution : http://www.suse.de/security/2003_010_libmcrypt.html Network Security Threat Level: Medium Networks Security ID: 6510, 6512 Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
Cables, Connectors |
SanDisk 128GB Ultra Flair USB 3.0 Flash Drive - SDCZ73-128G-G46
$12.99
512GB USB Flash Drive External Storage Memory Stick For iPhone iPad Android
$17.59
SanDisk 128GB Ultra Dual Drive USB Type-C, USB 3.1 Flash Drive - SDDDC2-032G-G46
$10.99
USB Flash Drive Memory Thumb Photo Sticks For iPhone iPad 128/256/512GB 1TB 2TB
$15.33
Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack
$4.99
Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof
$8.36
1TB/2TB USB 3.0 Flash Drive Thumb U Disk Memory Stick Pen PC Laptop Storage lot
$234.39
64GB USB 3.0 Flash Drive USB Memory Stick High Speed Retractable USB Thumb Drive
$5.99
USB 3.0 Flash Drive 32GB 64GB 128GB Memory Stick Thumb Stick Lot Pack
$379.99
USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT
$259.34
|
||
No Discussions have been posted on this vulnerability. |