Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:012 (XFree86)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50651
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:012 (XFree86)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to XFree86 announced via advisory MDKSA-2004:012. Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing of the font.alias file. The X server, which runs as root, fails to check the length of user-provided input as a result a malicious user could craft a malformed font.alias file causing a buffer overflow upon parsing, which could eventually lead to the execution of arbitrary code. Additional vulnerabilities were found by David Dawes, also in the reading of font files. The updated packages have a patch from David Dawes to correct these vulnerabilities. Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0106 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0083 BugTraq ID: 9636 http://www.securityfocus.com/bid/9636 Bugtraq: 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow (Google Search) http://marc.info/?l=bugtraq&m=107644835523678&w=2 Bugtraq: 20040211 XFree86 vulnerability exploit (Google Search) http://marc.info/?l=bugtraq&m=107653324115914&w=2 CERT/CC vulnerability note: VU#820006 http://www.kb.cert.org/vuls/id/820006 Conectiva Linux advisory: CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 Debian Security Information: DSA-443 (Google Search) http://www.debian.org/security/2004/dsa-443 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 http://www.idefense.com/application/poi/display?id=72 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612 http://www.redhat.com/support/errata/RHSA-2004-059.html http://www.redhat.com/support/errata/RHSA-2004-060.html http://www.redhat.com/support/errata/RHSA-2004-061.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 SuSE Security Announcement: SuSE-SA:2004:006 (Google Search) http://www.novell.com/linux/security/advisories/2004_06_xf86.html XForce ISS Database: xfree86-fontalias-bo(15130) https://exchange.xforce.ibmcloud.com/vulnerabilities/15130 Common Vulnerability Exposure (CVE) ID: CVE-2004-0084 BugTraq ID: 9652 http://www.securityfocus.com/bid/9652 Bugtraq: 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II (Google Search) http://marc.info/?l=bugtraq&m=107662833512775&w=2 CERT/CC vulnerability note: VU#667502 http://www.kb.cert.org/vuls/id/667502 http://www.idefense.com/application/poi/display?id=73 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831 XForce ISS Database: xfree86-copyisolatin1lLowered-bo(15200) https://exchange.xforce.ibmcloud.com/vulnerabilities/15200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832 XForce ISS Database: xfree86-multiple-font-improper-handling(15206) https://exchange.xforce.ibmcloud.com/vulnerabilities/15206
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com