Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:033 (zlib)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50697

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:033 (zlib)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to zlib
announced via advisory MDKSA-2003:033.

Richard Kettlewell discovered a buffer overflow vulnerability in the
zlib library's gzprintf() function. This can be used by attackers
to cause a denial of service or possibly even the execution of
arbitrary code. Our thanks to the OpenPKG team for providing a patch
which adds the necessary configure script checks to always use the
secure vsnprintf(3) and snprintf(3) functions, and which additionally
adjusts the code to correctly take into account the return value of
vsnprintf(3) and snprintf(3).

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1,
Multi Network Firewall 8.2,

Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107
http://online.securityfocus.com/bid/6913

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 6913
Common Vulnerability Exposure (CVE) ID: CVE-2003-0107
http://www.securityfocus.com/bid/6913
Bugtraq: 20030222 buffer overrun in zlib 1.1.4 (Google Search)
http://online.securityfocus.com/archive/1/312869
Bugtraq: 20030223 poc zlib sploit just for fun :) (Google Search)
http://marc.info/?l=bugtraq&m=104610337726297&w=2
Bugtraq: 20030224 Re: buffer overrun in zlib 1.1.4 (Google Search)
http://marc.info/?l=bugtraq&m=104610536129508&w=2
Bugtraq: 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25 (Google Search)
http://marc.info/?l=bugtraq&m=104620610427210&w=2
Caldera Security Advisory: CSSA-2003-011.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
CERT/CC vulnerability note: VU#142121
http://www.kb.cert.org/vuls/id/142121
Conectiva Linux advisory: CLSA-2003:619
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
http://marc.info/?l=bugtraq&m=104887247624907&w=2
http://jvn.jp/en/jp/JVN78689801/index.html
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
NETBSD Security Advisory: NetBSD-SA2003-004
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
http://www.osvdb.org/6599
http://www.redhat.com/support/errata/RHSA-2003-079.html
http://www.redhat.com/support/errata/RHSA-2003-081.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
http://www.iss.net/security_center/static/11381.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50697
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:033 (zlib)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to zlib announced via advisory MDKSA-2003:033. Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3). Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1, Multi Network Firewall 8.2, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107 http://online.securityfocus.com/bid/6913 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 6913 Common Vulnerability Exposure (CVE) ID: CVE-2003-0107 http://www.securityfocus.com/bid/6913 Bugtraq: 20030222 buffer overrun in zlib 1.1.4 (Google Search) http://online.securityfocus.com/archive/1/312869 Bugtraq: 20030223 poc zlib sploit just for fun :) (Google Search) http://marc.info/?l=bugtraq&m=104610337726297&w=2 Bugtraq: 20030224 Re: buffer overrun in zlib 1.1.4 (Google Search) http://marc.info/?l=bugtraq&m=104610536129508&w=2 Bugtraq: 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25 (Google Search) http://marc.info/?l=bugtraq&m=104620610427210&w=2 Caldera Security Advisory: CSSA-2003-011.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt CERT/CC vulnerability note: VU#142121 http://www.kb.cert.org/vuls/id/142121 Conectiva Linux advisory: CLSA-2003:619 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619 http://marc.info/?l=bugtraq&m=104887247624907&w=2 http://jvn.jp/en/jp/JVN78689801/index.html http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033 NETBSD Security Advisory: NetBSD-SA2003-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc http://www.osvdb.org/6599 http://www.redhat.com/support/errata/RHSA-2003-079.html http://www.redhat.com/support/errata/RHSA-2003-081.html http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405 http://www.iss.net/security_center/static/11381.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com