Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:548

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51555

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2002:548

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2002:548.

Window Maker[1] is a very popular window manager.

Al Viro reported a vulnerability[2] in a function that is used when
Window Maker loads images. This function is used, for example, when a
new background image is configured, and when previewing themes.

This function calculates the ammount of memory necessary to load the
image by doing a multiplication. It does not, however, check the
result of this multiplication, which could suffer an integer overflow
and not fit into the destination variable. Given a sufficiently large
height and/or width parameter, a less than needed ammount of memory
would be allocated, which would result in a buffer overflow later on
when the image is actually loaded.

A possible scenario for this vulnerability could be that of an
attacker making a specially crafted image available and convincing an
unsuspecting user to set it as a background image.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:548
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

CVSS Score:
7.5

Querverweis: BugTraq ID: 6119
Common Vulnerability Exposure (CVE) ID: CVE-2002-1277
http://www.securityfocus.com/bid/6119
Conectiva Linux advisory: CLA-2002:548
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Debian Security Information: DSA-190 (Google Search)
http://www.debian.org/security/2002/dsa-190
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
http://www.redhat.com/support/errata/RHSA-2003-009.html
http://www.redhat.com/support/errata/RHSA-2003-043.html
http://www.iss.net/security_center/static/10560.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51555
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:548
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:548. Window Maker[1] is a very popular window manager. Al Viro reported a vulnerability[2] in a function that is used when Window Maker loads images. This function is used, for example, when a new background image is configured, and when previewing themes. This function calculates the ammount of memory necessary to load the image by doing a multiplication. It does not, however, check the result of this multiplication, which could suffer an integer overflow and not fit into the destination variable. Given a sufficiently large height and/or width parameter, a less than needed ammount of memory would be allocated, which would result in a buffer overflow later on when the image is actually loaded. A possible scenario for this vulnerability could be that of an attacker making a specially crafted image available and convincing an unsuspecting user to set it as a background image. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:548 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High CVSS Score: 7.5
Querverweis:	BugTraq ID: 6119 Common Vulnerability Exposure (CVE) ID: CVE-2002-1277 http://www.securityfocus.com/bid/6119 Conectiva Linux advisory: CLA-2002:548 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548 Debian Security Information: DSA-190 (Google Search) http://www.debian.org/security/2002/dsa-190 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php http://www.redhat.com/support/errata/RHSA-2003-009.html http://www.redhat.com/support/errata/RHSA-2003-043.html http://www.iss.net/security_center/static/10560.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com