Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:304

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51933

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:304

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:304.

Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and
cdda2wav) and Ogg Vorbis encoders.

Dean Brettle discovered a buffer overflow bug in the way grip handles data
returned by CDDB servers. It is possible that if a user connects to a
malicious CDDB server, an attacker could execute arbitrary code on the
victim's machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0706 to this issue.

Users of grip should upgrade to this updated package, which
contains a backported patch, and is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-304.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 12770
Common Vulnerability Exposure (CVE) ID: CVE-2005-0706
12770
http://www.securityfocus.com/bid/12770
32803
http://secunia.com/advisories/32803
33389
http://secunia.com/advisories/33389
33824
http://secunia.com/advisories/33824
FEDORA-2008-11956
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html
FEDORA-2008-9521
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html
FEDORA-2008-9604
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html
FLSA:152919
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919
GLSA-200503-21
http://security.gentoo.org/glsa/glsa-200503-21.xml
RHSA-2005:304
http://www.redhat.com/support/errata/RHSA-2005-304.html
RHSA-2009:0005
http://www.redhat.com/support/errata/RHSA-2009-0005.html
grip-cddb-bo(19648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19648
http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html
http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714
http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
oval:org.mitre.oval:def:10768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51933
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:304
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:304. Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders. Dean Brettle discovered a buffer overflow bug in the way grip handles data returned by CDDB servers. It is possible that if a user connects to a malicious CDDB server, an attacker could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0706 to this issue. Users of grip should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-304.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 12770 Common Vulnerability Exposure (CVE) ID: CVE-2005-0706 12770 http://www.securityfocus.com/bid/12770 32803 http://secunia.com/advisories/32803 33389 http://secunia.com/advisories/33389 33824 http://secunia.com/advisories/33824 FEDORA-2008-11956 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html FEDORA-2008-9521 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html FEDORA-2008-9604 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html FLSA:152919 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919 GLSA-200503-21 http://security.gentoo.org/glsa/glsa-200503-21.xml RHSA-2005:304 http://www.redhat.com/support/errata/RHSA-2005-304.html RHSA-2009:0005 http://www.redhat.com/support/errata/RHSA-2009-0005.html grip-cddb-bo(19648) https://exchange.xforce.ibmcloud.com/vulnerabilities/19648 http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714 http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714 oval:org.mitre.oval:def:10768 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com