ID de Prueba:	1.3.6.1.4.1.25623.1.0.51052
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:537
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:537. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to these issues. Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-537.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0687 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html BugTraq ID: 11196 http://www.securityfocus.com/bid/11196 Bugtraq: 20040915 CESA-2004-004: libXpm (Google Search) http://marc.info/?l=bugtraq&m=109530851323415&w=2 Cert/CC Advisory: TA05-136A http://www.us-cert.gov/cas/techalerts/TA05-136A.html CERT/CC vulnerability note: VU#882750 http://www.kb.cert.org/vuls/id/882750 Conectiva Linux advisory: CLA-2005:924 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 Debian Security Information: DSA-560 (Google Search) http://www.debian.org/security/2004/dsa-560 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml HPdes Security Advisory: HPSBUX02119 http://www.securityfocus.com/archive/1/434715/100/0/threaded HPdes Security Advisory: SSRT4848 http://www.mandriva.com/security/advisories?name=MDKSA-2004:098 http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html http://scary.beasts.org/security/CESA-2004-003.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187 RedHat Security Advisories: RHSA-2004:537 http://www.redhat.com/support/errata/RHSA-2005-004.html http://secunia.com/advisories/20235 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1 SuSE Security Announcement: SUSE-SA:2004:034 (Google Search) http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html https://usn.ubuntu.com/27-1/ http://www.vupen.com/english/advisories/2006/1914 XForce ISS Database: libxpm-multiple-stack-bo(17414) https://exchange.xforce.ibmcloud.com/vulnerabilities/17414 Common Vulnerability Exposure (CVE) ID: CVE-2004-0688 CERT/CC vulnerability note: VU#537878 http://www.kb.cert.org/vuls/id/537878 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796 XForce ISS Database: libxpm-xpmfile-integer-overflow(17416) https://exchange.xforce.ibmcloud.com/vulnerabilities/17416 Common Vulnerability Exposure (CVE) ID: CVE-2004-0914 BugTraq ID: 11694 http://www.securityfocus.com/bid/11694 Debian Security Information: DSA-607 (Google Search) http://www.debian.org/security/2004/dsa-607 http://www.linuxsecurity.com/content/view/106877/102/ http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml HPdes Security Advisory: HPSBTU01228 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228 http://www.mandriva.com/security/advisories?name=MDKSA-2004:137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943 http://rhn.redhat.com/errata/RHSA-2004-537.html http://www.redhat.com/support/errata/RHSA-2004-610.html http://secunia.com/advisories/13224/ http://www.ubuntu.com/usn/usn-83-1 http://www.ubuntu.com/usn/usn-83-2 XForce ISS Database: libxpm-command-execution(18145) https://exchange.xforce.ibmcloud.com/vulnerabilities/18145 XForce ISS Database: libxpm-directory-traversal(18146) https://exchange.xforce.ibmcloud.com/vulnerabilities/18146 XForce ISS Database: libxpm-dos(18147) https://exchange.xforce.ibmcloud.com/vulnerabilities/18147 XForce ISS Database: libxpm-image-bo(18142) https://exchange.xforce.ibmcloud.com/vulnerabilities/18142 XForce ISS Database: libxpm-improper-memory-access(18144) https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.