Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:656

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51424

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:656

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:656.

The netpbm package contains a library of functions and a set of basic
tools to manipulate various graphics file formats, including pbm,
pgm, pnm, ppm and others.

Alan Cox and Al Viro discovered[1] several math overflow
vulnerabilities in netpbm versions <= 9.20. These vulnerabilities can
be exploited by attackers using specially crafted images. Successful
exploitation can lead to denial of service conditions or arbitrary
code execution with the privileges of the user running the affected
program.

The netpbm packages included in this update announcement are based on
netpbm version 9.20 and contain a patch to fix the aforementioned
vulnerabilities.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2003-0146 to this issue[2].

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0146
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:656
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 6979
Common Vulnerability Exposure (CVE) ID: CVE-2003-0146
http://www.securityfocus.com/bid/6979
Bugtraq: 20030228 NetPBM, multiple vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=104644687816522&w=2
CERT/CC vulnerability note: VU#630433
http://www.kb.cert.org/vuls/id/630433
Conectiva Linux advisory: CLSA-2003:656
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
Debian Security Information: DSA-263 (Google Search)
http://www.debian.org/security/2003/dsa-263
http://www.redhat.com/support/errata/RHSA-2003-060.html
XForce ISS Database: netpbm-multiple-bo(11463)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11463

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51424
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:656
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:656. The netpbm package contains a library of functions and a set of basic tools to manipulate various graphics file formats, including pbm, pgm, pnm, ppm and others. Alan Cox and Al Viro discovered[1] several math overflow vulnerabilities in netpbm versions <= 9.20. These vulnerabilities can be exploited by attackers using specially crafted images. Successful exploitation can lead to denial of service conditions or arbitrary code execution with the privileges of the user running the affected program. The netpbm packages included in this update announcement are based on netpbm version 9.20 and contain a patch to fix the aforementioned vulnerabilities. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-0146 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0146 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:656 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 6979 Common Vulnerability Exposure (CVE) ID: CVE-2003-0146 http://www.securityfocus.com/bid/6979 Bugtraq: 20030228 NetPBM, multiple vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=104644687816522&w=2 CERT/CC vulnerability note: VU#630433 http://www.kb.cert.org/vuls/id/630433 Conectiva Linux advisory: CLSA-2003:656 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656 Debian Security Information: DSA-263 (Google Search) http://www.debian.org/security/2003/dsa-263 http://www.redhat.com/support/errata/RHSA-2003-060.html XForce ISS Database: netpbm-multiple-bo(11463) https://exchange.xforce.ibmcloud.com/vulnerabilities/11463
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com