English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.120594
Categoría:Amazon Linux Local Security Checks
Título:Amazon Linux: Security Advisory (ALAS-2015-604)
Resumen:The remote host is missing an update for the 'libwmf' package(s) announced via the ALAS-2015-604 advisory.
Descripción:Summary:
The remote host is missing an update for the 'libwmf' package(s) announced via the ALAS-2015-604 advisory.

Vulnerability Insight:
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. (CVE-2007-2756)

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. (CVE-2007-0455)

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. (CVE-2009-3546)

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Affected Software/OS:
'libwmf' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-0455
2007-0007
http://www.trustix.org/errata/2007/0007
20070418 rPSA-2007-0073-1 php php-mysql php-pgsql
http://www.securityfocus.com/archive/1/466166/100/0/threaded
22289
http://www.securityfocus.com/bid/22289
23916
http://secunia.com/advisories/23916
24022
http://secunia.com/advisories/24022
24052
http://secunia.com/advisories/24052
24053
http://secunia.com/advisories/24053
24107
http://secunia.com/advisories/24107
24143
http://secunia.com/advisories/24143
24151
http://secunia.com/advisories/24151
24924
http://secunia.com/advisories/24924
24945
http://secunia.com/advisories/24945
24965
http://secunia.com/advisories/24965
25575
http://secunia.com/advisories/25575
29157
http://secunia.com/advisories/29157
42813
http://secunia.com/advisories/42813
ADV-2007-0400
http://www.vupen.com/english/advisories/2007/0400
ADV-2011-0022
http://www.vupen.com/english/advisories/2011/0022
FEDORA-2007-150
http://fedoranews.org/cms/node/2631
FEDORA-2010-19022
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
FEDORA-2010-19033
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
MDKSA-2007:035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035
MDKSA-2007:036
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036
MDKSA-2007:038
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038
MDKSA-2007:109
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109
RHSA-2007:0153
http://www.redhat.com/support/errata/RHSA-2007-0153.html
RHSA-2007:0155
http://rhn.redhat.com/errata/RHSA-2007-0155.html
RHSA-2007:0162
http://www.redhat.com/support/errata/RHSA-2007-0162.html
RHSA-2008:0146
http://www.redhat.com/support/errata/RHSA-2008-0146.html
USN-473-1
http://www.ubuntu.com/usn/usn-473-1
[security-announce] 20070208 rPSA-2007-0028-1 gd
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607
https://issues.rpath.com/browse/RPL-1030
https://issues.rpath.com/browse/RPL-1268
oval:org.mitre.oval:def:11303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303
Common Vulnerability Exposure (CVE) ID: CVE-2007-2756
BugTraq ID: 24089
http://www.securityfocus.com/bid/24089
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:122
http://www.mandriva.com/security/advisories?name=MDKSA-2007:123
http://www.mandriva.com/security/advisories?name=MDKSA-2007:124
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://osvdb.org/35788
http://osvdb.org/36643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10779
RedHat Security Advisories: RHSA-2007:0889
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://www.redhat.com/support/errata/RHSA-2007-0890.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
http://www.securitytracker.com/id?1018187
http://secunia.com/advisories/25353
http://secunia.com/advisories/25362
http://secunia.com/advisories/25378
http://secunia.com/advisories/25535
http://secunia.com/advisories/25590
http://secunia.com/advisories/25646
http://secunia.com/advisories/25657
http://secunia.com/advisories/25658
http://secunia.com/advisories/25787
http://secunia.com/advisories/25855
http://secunia.com/advisories/26048
http://secunia.com/advisories/26231
http://secunia.com/advisories/26390
http://secunia.com/advisories/26871
http://secunia.com/advisories/26895
http://secunia.com/advisories/26930
http://secunia.com/advisories/26967
http://secunia.com/advisories/27037
http://secunia.com/advisories/27102
http://secunia.com/advisories/27110
http://secunia.com/advisories/27545
http://secunia.com/advisories/30168
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
SuSE Security Announcement: SUSE-SA:2007:044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
SuSE Security Announcement: SUSE-SR:2007:013 (Google Search)
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0023/
http://www.vupen.com/english/advisories/2007/1904
http://www.vupen.com/english/advisories/2007/1905
http://www.vupen.com/english/advisories/2007/2016
http://www.vupen.com/english/advisories/2007/2336
http://www.vupen.com/english/advisories/2007/3386
XForce ISS Database: gd-gdpngreaddata-dos(34420)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34420
Common Vulnerability Exposure (CVE) ID: CVE-2007-3472
BugTraq ID: 24651
http://www.securityfocus.com/bid/24651
Bugtraq: 20070907 FLEA-2007-0052-1 gd (Google Search)
http://www.securityfocus.com/archive/1/478796/100/0/threaded
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://bugs.libgd.org/?do=details&task_id=89
http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/
http://osvdb.org/37745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067
http://secunia.com/advisories/25860
http://secunia.com/advisories/26272
http://secunia.com/advisories/26415
http://secunia.com/advisories/26467
http://secunia.com/advisories/26663
http://secunia.com/advisories/26766
http://secunia.com/advisories/26856
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.trustix.org/errata/2007/0024/
XForce ISS Database: gd-imagecreatetruecolor-code-execution(35108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3473
http://bugs.libgd.org/?do=details&task_id=94
http://osvdb.org/37744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806
XForce ISS Database: gd-imagecreatexbm-dos(35109)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35109
Common Vulnerability Exposure (CVE) ID: CVE-2009-3546
36712
http://www.securityfocus.com/bid/36712
37069
http://secunia.com/advisories/37069
37080
http://secunia.com/advisories/37080
38055
http://secunia.com/advisories/38055
ADV-2009-2929
http://www.vupen.com/english/advisories/2009/2929
ADV-2009-2930
http://www.vupen.com/english/advisories/2009/2930
MDVSA-2009:285
http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
RHSA-2010:0003
http://www.redhat.com/support/errata/RHSA-2010-0003.html
[oss-security] 20091015 Re: CVE Request -- PHP 5 - 5.2.11
http://marc.info/?l=oss-security&m=125562113503923&w=2
[oss-security] 20091120 Re: CVE request: php 5.3.1 update
http://www.openwall.com/lists/oss-security/2009/11/20/5
http://svn.php.net/viewvc?view=revision&revision=289557
oval:org.mitre.oval:def:11199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199
Common Vulnerability Exposure (CVE) ID: CVE-2015-0848
BugTraq ID: 74923
http://www.securityfocus.com/bid/74923
Debian Security Information: DSA-3302 (Google Search)
http://www.debian.org/security/2015/dsa-3302
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html
https://security.gentoo.org/glsa/201602-03
http://www.openwall.com/lists/oss-security/2015/06/01/2
RedHat Security Advisories: RHSA-2015:1917
http://rhn.redhat.com/errata/RHSA-2015-1917.html
http://www.securitytracker.com/id/1032771
SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
SuSE Security Announcement: openSUSE-SU-2015:1212 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html
http://www.ubuntu.com/usn/USN-2670-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4588
BugTraq ID: 75230
http://www.securityfocus.com/bid/75230
http://www.openwall.com/lists/oss-security/2015/06/03/6
http://www.openwall.com/lists/oss-security/2015/06/16/4
Common Vulnerability Exposure (CVE) ID: CVE-2015-4695
BugTraq ID: 75329
http://www.securityfocus.com/bid/75329
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html
http://www.openwall.com/lists/oss-security/2015/06/17/3
http://www.openwall.com/lists/oss-security/2015/06/21/3
Common Vulnerability Exposure (CVE) ID: CVE-2015-4696
BugTraq ID: 75331
http://www.securityfocus.com/bid/75331
CopyrightCopyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.