ID de Prueba:	1.3.6.1.4.1.25623.1.0.51382
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:890
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:890. The XML C library[1] (libxml2) is used by many programs to load and save extensible data structures or to manipulate several kinds of XML files. This update fixes a buffer overflow vulnerability[2,3] in the URI parsing code found by infamous41md at the nanoftp and nanohttp modules of libxml2. An attacker may exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application. Depending of the scenario where this application is used, this vulnerability can be remotely exploitable. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://xmlsoft.org http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989 http://www.securityfocus.com/archive/1/379383 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:890 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 11526 Common Vulnerability Exposure (CVE) ID: CVE-2004-0989 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://www.securityfocus.com/bid/11526 Bugtraq: 20041026 libxml2 remote buffer overflows (not in xml parsing code though) (Google Search) http://marc.info/?l=bugtraq&m=109880813013482&w=2 Computer Incident Advisory Center Bulletin: P-029 http://www.ciac.org/ciac/bulletins/p-029.shtml Conectiva Linux advisory: CLA-2004:890 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 Debian Security Information: DSA-582 (Google Search) http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 http://www.redhat.com/support/errata/RHSA-2004-615.html http://www.redhat.com/support/errata/RHSA-2004-650.html http://securitytracker.com/id?1011941 http://secunia.com/advisories/13000 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html https://www.ubuntu.com/usn/usn-89-1/ XForce ISS Database: libxml2-nanoftp-file-bo(17872) https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 XForce ISS Database: libxml2-nanohttp-file-bo(17876) https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 XForce ISS Database: libxml2-xmlnanoftpscanproxy-bo(17875) https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 XForce ISS Database: libxml2-xmlnanoftpscanurl-bo(17870) https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.