ID de Prueba:	1.3.6.1.4.1.25623.1.0.51406
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:619
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:619. zlib[1] is a compression library used by several programs. Richard Kettlewell discovered[1] a buffer overflow vulnerability[2] in the gzprintf() function provided by zlib. If a program passes unsafe data to this function (e.g. data from remote images or network traffic), it is possible for a remote attacker to execute arbitrary code or to cause a denial of service in such programs. Although hundreds of programs are linked against zlib in Conectiva Linux, the vulnerable function, gzprintf(), is rarely used, which lessens the impact of this vulnerability. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-0107 to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gzip.org/zlib/ http://online.securityfocus.com/archive/1/312869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:619 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 6913 Common Vulnerability Exposure (CVE) ID: CVE-2003-0107 http://www.securityfocus.com/bid/6913 Bugtraq: 20030222 buffer overrun in zlib 1.1.4 (Google Search) http://online.securityfocus.com/archive/1/312869 Bugtraq: 20030223 poc zlib sploit just for fun :) (Google Search) http://marc.info/?l=bugtraq&m=104610337726297&w=2 Bugtraq: 20030224 Re: buffer overrun in zlib 1.1.4 (Google Search) http://marc.info/?l=bugtraq&m=104610536129508&w=2 Bugtraq: 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25 (Google Search) http://marc.info/?l=bugtraq&m=104620610427210&w=2 Caldera Security Advisory: CSSA-2003-011.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt CERT/CC vulnerability note: VU#142121 http://www.kb.cert.org/vuls/id/142121 Conectiva Linux advisory: CLSA-2003:619 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619 http://marc.info/?l=bugtraq&m=104887247624907&w=2 http://jvn.jp/en/jp/JVN78689801/index.html http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033 NETBSD Security Advisory: NetBSD-SA2003-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc http://www.osvdb.org/6599 http://www.redhat.com/support/errata/RHSA-2003-079.html http://www.redhat.com/support/errata/RHSA-2003-081.html http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405 http://www.iss.net/security_center/static/11381.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.