MDVSA-2010:138

41911

ADV-2010-1890

The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      Insight       Perl Tk Module       Source-Navigator       Tk       Partimage       Mlmmj       acl       Xinit       gzip       ncompress       liblzw       splashutils       GNU M4       KDE Display Manager       GTK+       KGet       dvipng       Beanstalk       Policy Mount       pam_krb5       GNU gv       LFTP       Uzbl       Slim       Bitdefender Console       iputils       DVBStreamer   Impact :

    A context-dependent attacker may be able to gain escalated privileges,       execute arbitrary code, cause Denial of Service, obtain sensitive       information, or otherwise bypass security restrictions.
  Workaround :

    There are no known workarounds at this time.

Ovidiu Mara reported in 2010 a vulnerability in the ping util, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hangs.

CVE-2010-2529 iputils: denial of service vulnerability in ping

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ovidiu Mara reported a vulnerability in ping.c (iputils) that could cause ping to hang when responding to a malicious echo reply (CVE-2010-2529). The updated packages have been patched to correct these issues.

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90

ID	Name	Product	Family	Severity
79961	GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010	Nessus	Gentoo Local Security Checks	critical
65558	Debian DSA-2645-1 : inetutils - denial of service	Nessus	Debian Local Security Checks	medium
48359	Fedora 12 : iputils-20071127-12.fc12 (2010-12252)	Nessus	Fedora Local Security Checks	medium
48308	Fedora 13 : iputils-20071127-12.fc13 (2010-12273)	Nessus	Fedora Local Security Checks	medium
48196	Mandriva Linux Security Advisory : iputils (MDVSA-2010:138)	Nessus	Mandriva Local Security Checks	medium

CVE-2010-2529

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

medium

medium

medium

medium