 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.831311 |
| Kategorie: | Mandrake Local Security Checks |
| Titel: | Mandriva Update for xfig MDVSA-2011:010 (xfig) |
| Zusammenfassung: | The remote host is missing an update for the 'xfig'; package(s) announced via the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'xfig' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in xfig: Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information (CVE-2009-4227). Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c (CVE-2009-4228). Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition (CVE-2010-4262). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct these issues. Affected Software/OS: xfig on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-4227 BugTraq ID: 37193 http://www.securityfocus.com/bid/37193 http://www.mandriva.com/security/advisories?name=MDVSA-2011:010 http://www.openwall.com/lists/oss-security/2009/12/03/2 http://secunia.com/advisories/37571 http://secunia.com/advisories/37577 http://www.vupen.com/english/advisories/2011/0108 XForce ISS Database: xfig-read13textobject-bo(54525) https://exchange.xforce.ibmcloud.com/vulnerabilities/54525 Common Vulnerability Exposure (CVE) ID: CVE-2009-4228 Common Vulnerability Exposure (CVE) ID: CVE-2010-4262 42579 http://secunia.com/advisories/42579 45177 http://www.securityfocus.com/bid/45177 ADV-2010-3232 http://www.vupen.com/english/advisories/2010/3232 ADV-2011-0108 FEDORA-2010-18589 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html MDVSA-2011:010 [oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition http://www.openwall.com/lists/oss-security/2010/12/03/2 [oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition http://www.openwall.com/lists/oss-security/2010/12/06/8 https://bugzilla.redhat.com/show_bug.cgi?id=657981 https://bugzilla.redhat.com/show_bug.cgi?id=659676 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |