Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:836

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51340

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:836

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:836.

The XML C library (libxml2) is used by many programs to load and save
extensible datastructures or to manipulate several kinds of XML
files.

This update fixes a buffer overflow vulnerability[1,2] in the URI
parsing code of the nanoftp and nanohttp modules of libxml2. An
attacker can exploit this vulnerability to execute arbitrary code
with the privileges of the user running an affected application.
Depending of the scenario where this application is used, this
vulnerability can be remotely exploitable.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0110
http://www.securityfocus.com/bid/9718
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:836
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 9718
Common Vulnerability Exposure (CVE) ID: CVE-2004-0110
http://www.securityfocus.com/bid/9718
Bugtraq: 20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml) (Google Search)
http://marc.info/?l=bugtraq&m=107851606605420&w=2
Bugtraq: 20040306 TSLSA-2004-0010 - libxml2 (Google Search)
http://marc.info/?l=bugtraq&m=107860178228804&w=2
CERT/CC vulnerability note: VU#493966
http://www.kb.cert.org/vuls/id/493966
Computer Incident Advisory Center Bulletin: O-086
http://www.ciac.org/ciac/bulletins/o-086.shtml
Debian Security Information: DSA-455 (Google Search)
http://www.debian.org/security/2004/dsa-455
http://security.gentoo.org/glsa/glsa-200403-01.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A875
RedHat Security Advisories: RHSA-2004:090
http://rhn.redhat.com/errata/RHSA-2004-090.html
http://www.redhat.com/support/errata/RHSA-2004-091.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://secunia.com/advisories/10958/
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
XForce ISS Database: libxml2-nanoftp-bo(15302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15302
XForce ISS Database: libxml2-nanohttp-bo(15301)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15301

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51340
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:836
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:836. The XML C library (libxml2) is used by many programs to load and save extensible datastructures or to manipulate several kinds of XML files. This update fixes a buffer overflow vulnerability[1,2] in the URI parsing code of the nanoftp and nanohttp modules of libxml2. An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application. Depending of the scenario where this application is used, this vulnerability can be remotely exploitable. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0110 http://www.securityfocus.com/bid/9718 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:836 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9718 Common Vulnerability Exposure (CVE) ID: CVE-2004-0110 http://www.securityfocus.com/bid/9718 Bugtraq: 20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml) (Google Search) http://marc.info/?l=bugtraq&m=107851606605420&w=2 Bugtraq: 20040306 TSLSA-2004-0010 - libxml2 (Google Search) http://marc.info/?l=bugtraq&m=107860178228804&w=2 CERT/CC vulnerability note: VU#493966 http://www.kb.cert.org/vuls/id/493966 Computer Incident Advisory Center Bulletin: O-086 http://www.ciac.org/ciac/bulletins/o-086.shtml Debian Security Information: DSA-455 (Google Search) http://www.debian.org/security/2004/dsa-455 http://security.gentoo.org/glsa/glsa-200403-01.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A833 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A875 RedHat Security Advisories: RHSA-2004:090 http://rhn.redhat.com/errata/RHSA-2004-090.html http://www.redhat.com/support/errata/RHSA-2004-091.html http://www.redhat.com/support/errata/RHSA-2004-650.html http://secunia.com/advisories/10958/ SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html XForce ISS Database: libxml2-nanoftp-bo(15302) https://exchange.xforce.ibmcloud.com/vulnerabilities/15302 XForce ISS Database: libxml2-nanohttp-bo(15301) https://exchange.xforce.ibmcloud.com/vulnerabilities/15301
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com