Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:810

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51329

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:810

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:810.

kdepim is a collection of Personal Information Management (PIM) tools
for the K Desktop Enviromnent (KDE[1]).

The KDE team has found[2] a buffer overflow vulnerability[3] in the
file information reader of .VCF files. A carefully constructed .VCF
file, if opened or previewed by an unsuspecting user, could cause the
execution of arbitrary code with the victim's privileges.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:810
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 9419
Common Vulnerability Exposure (CVE) ID: CVE-2003-0988
http://www.securityfocus.com/bid/9419
Bugtraq: 20040114 KDE Security Advisory: VCF file information reader vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=107412130407906&w=2
CERT/CC vulnerability note: VU#820798
http://www.kb.cert.org/vuls/id/820798
Conectiva Linux advisory: CLA-2004:810
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
http://security.gentoo.org/glsa/glsa-200404-02.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865
http://www.redhat.com/support/errata/RHSA-2004-005.html
http://www.redhat.com/support/errata/RHSA-2004-006.html
XForce ISS Database: kde-kdepim-bo(14833)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14833

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51329
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:810
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:810. kdepim is a collection of Personal Information Management (PIM) tools for the K Desktop Enviromnent (KDE[1]). The KDE team has found[2] a buffer overflow vulnerability[3] in the file information reader of .VCF files. A carefully constructed .VCF file, if opened or previewed by an unsuspecting user, could cause the execution of arbitrary code with the victim's privileges. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:810 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9419 Common Vulnerability Exposure (CVE) ID: CVE-2003-0988 http://www.securityfocus.com/bid/9419 Bugtraq: 20040114 KDE Security Advisory: VCF file information reader vulnerability (Google Search) http://marc.info/?l=bugtraq&m=107412130407906&w=2 CERT/CC vulnerability note: VU#820798 http://www.kb.cert.org/vuls/id/820798 Conectiva Linux advisory: CLA-2004:810 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810 http://security.gentoo.org/glsa/glsa-200404-02.xml http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865 http://www.redhat.com/support/errata/RHSA-2004-005.html http://www.redhat.com/support/errata/RHSA-2004-006.html XForce ISS Database: kde-kdepim-bo(14833) https://exchange.xforce.ibmcloud.com/vulnerabilities/14833
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com