 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.51084 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2004:073 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2004:073. Metamail is a system for handling multimedia mail. Ulf Harnhammar discovered two integer overflow bugs and two buffer overflow bugs in versions of Metamail up to and including 2.7. An attacker could create a carefully-crafted message such that when it is opened by a victim and parsed through Metamail, it runs arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0104 and CVE-2004-0105 to these issues. Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these erratum packages, which contain a backported security patch and are not vulnerable to these issues. Please note that Red Hat Enterprise Linux 3 does not contain Metamail and is therefore not vulnerable to these issues. Red Hat would like to thank Ulf Harnhammar for the notification and patch for these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-073.html Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0104 BugTraq ID: 9692 http://www.securityfocus.com/bid/9692 Bugtraq: 20040218 metamail format string bugs and buffer overflows (Google Search) http://marc.info/?l=bugtraq&m=107713476911429&w=2 CERT/CC vulnerability note: VU#518518 http://www.kb.cert.org/vuls/id/518518 Computer Incident Advisory Center Bulletin: O-083 http://www.ciac.org/ciac/bulletins/o-083.shtml Debian Security Information: DSA-449 (Google Search) http://www.debian.org/security/2004/dsa-449 http://www.mandriva.com/security/advisories?name=MDKSA-2004:014 http://www.redhat.com/support/errata/RHSA-2004-073.html http://secunia.com/advisories/10908 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html XForce ISS Database: metamail-contenttype-format-string(15245) https://exchange.xforce.ibmcloud.com/vulnerabilities/15245 XForce ISS Database: metamail-printheader-format-string(15259) https://exchange.xforce.ibmcloud.com/vulnerabilities/15259 Common Vulnerability Exposure (CVE) ID: CVE-2004-0105 CERT/CC vulnerability note: VU#513062 http://www.kb.cert.org/vuls/id/513062 XForce ISS Database: metamail-printheader-nonascii-bo(15247) https://exchange.xforce.ibmcloud.com/vulnerabilities/15247 XForce ISS Database: metamail-splitmail-subject-bo(15258) https://exchange.xforce.ibmcloud.com/vulnerabilities/15258 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |