FreeBSD Local Security Checks : mozilla -- heap overflow in NNTP handler

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.52235

Kategorie: FreeBSD Local Security Checks

Titel: mozilla -- heap overflow in NNTP handler

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

de-netscape7, fr-netscape7, ja-netscape7, netscape7, pt_BR-netscape7, mozilla-gtk1
linux-mozilla, linux-mozilla-devel, mozilla, de-linux-netscape, fr-linux-netscape,
ja-linux-netscape, linux-netscape, mozilla+ipv6, mozilla-embedded, mozilla-gtk2, mozilla-gtk

CVE-2004-1316
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in
nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote
attackers to cause a denial of service (application crash) via an NNTP
URL (news:) with a trailing '\' (backslash) character, which prevents
a string from being NULL terminated.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-1316
BugTraq ID: 12131
http://www.securityfocus.com/bid/12131
Bugtraq: 20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code. (Google Search)
http://marc.info/?l=bugtraq&m=110436284718949&w=2
HPdes Security Advisory: HPSBTU01114
http://marc.info/?l=bugtraq&m=110780717916478&w=2
HPdes Security Advisory: HPSBUX01133
HPdes Security Advisory: SSRT5940
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808
http://www.redhat.com/support/errata/RHSA-2005-038.html
http://secunia.com/advisories/19823
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_25.html
XForce ISS Database: mozilla-nntp-bo(18711)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18711

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.52235
Kategorie:	FreeBSD Local Security Checks
Titel:	mozilla -- heap overflow in NNTP handler
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: de-netscape7, fr-netscape7, ja-netscape7, netscape7, pt_BR-netscape7, mozilla-gtk1 linux-mozilla, linux-mozilla-devel, mozilla, de-linux-netscape, fr-linux-netscape, ja-linux-netscape, linux-netscape, mozilla+ipv6, mozilla-embedded, mozilla-gtk2, mozilla-gtk CVE-2004-1316 Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1316 BugTraq ID: 12131 http://www.securityfocus.com/bid/12131 Bugtraq: 20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code. (Google Search) http://marc.info/?l=bugtraq&m=110436284718949&w=2 HPdes Security Advisory: HPSBTU01114 http://marc.info/?l=bugtraq&m=110780717916478&w=2 HPdes Security Advisory: HPSBUX01133 HPdes Security Advisory: SSRT5940 http://isec.pl/vulnerabilities/isec-0020-mozilla.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808 http://www.redhat.com/support/errata/RHSA-2005-038.html http://secunia.com/advisories/19823 SuSE Security Announcement: SUSE-SA:2006:022 (Google Search) http://www.novell.com/linux/security/advisories/2006_04_25.html XForce ISS Database: mozilla-nntp-bo(18711) https://exchange.xforce.ibmcloud.com/vulnerabilities/18711
Copyright	Copyright (C) 2008 E-Soft Inc.