 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.64993 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2009:1471 |
| Summary: | The remote host is missing updates announced in;advisory RHSA-2009:1471.;;ELinks is a text-based Web browser. ELinks does not display any images, but;it does support frames, tables, and most other HTML tags.;;An off-by-one buffer overflow flaw was discovered in the way ELinks handled;its internal cache of string representations for HTML special entities. A;remote attacker could use this flaw to create a specially-crafted HTML file;that would cause ELinks to crash or, possibly, execute arbitrary code when;rendered. (CVE-2008-7224);;It was discovered that ELinks tried to load translation files using;relative paths. A local attacker able to trick a victim into running ELinks;in a folder containing specially-crafted translation files could use this;flaw to confuse the victim via incorrect translations, or cause ELinks to;crash and possibly execute arbitrary code via embedded formatting sequences;in translated messages. (CVE-2007-2027);;All ELinks users are advised to upgrade to this updated package, which;contains backported patches to resolve these issues. |
| Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1471. ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker could use this flaw to create a specially-crafted HTML file that would cause ELinks to crash or, possibly, execute arbitrary code when rendered. (CVE-2008-7224) It was discovered that ELinks tried to load translation files using relative paths. A local attacker able to trick a victim into running ELinks in a folder containing specially-crafted translation files could use this flaw to confuse the victim via incorrect translations, or cause ELinks to crash and possibly execute arbitrary code via embedded formatting sequences in translated messages. (CVE-2007-2027) All ELinks users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-2027 BugTraq ID: 23844 http://www.securityfocus.com/bid/23844 http://security.gentoo.org/glsa/glsa-200706-03.xml http://osvdb.org/35668 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741 http://secunia.com/advisories/25169 http://secunia.com/advisories/25198 http://secunia.com/advisories/25255 http://secunia.com/advisories/25550 http://www.trustix.org/errata/2007/0017/ http://www.ubuntu.com/usn/usn-457-1 http://www.vupen.com/english/advisories/2007/1686 Common Vulnerability Exposure (CVE) ID: CVE-2008-7224 http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html http://osvdb.org/41949 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |