FreeBSD Local Security Checks : FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52193

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

enscript-a4
enscript-letter
enscript-letterdj

CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or
local users to execute arbitrary commands via shell metacharacters.

CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote
attackers or local users to execute arbitrary commands via crafted
filenames.

CVE-2004-1186
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or
local users to cause a denial of service (application crash).

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1184
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 12329
http://www.securityfocus.com/bid/12329
Bugtraq: 20060526 rPSA-2006-0083-1 enscript (Google Search)
http://www.securityfocus.com/archive/1/435199/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-654 (Google Search)
http://www.debian.org/security/2005/dsa-654
http://www.securityfocus.com/archive/1/419768/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658
http://www.redhat.com/support/errata/RHSA-2005-040.html
http://securitytracker.com/id?1012965
http://secunia.com/advisories/35074
https://usn.ubuntu.com/68-1/
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: enscript-epsf-command-ececution(19012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19012
Common Vulnerability Exposure (CVE) ID: CVE-2004-1185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808
XForce ISS Database: enscript-filename-command-execution(19029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19029
Common Vulnerability Exposure (CVE) ID: CVE-2004-1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11134
XForce ISS Database: enscript-multiple-bo(19033)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19033

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52193
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: enscript-a4 enscript-letter enscript-letterdj CVE-2004-1184 The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. CVE-2004-1185 Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. CVE-2004-1186 Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1184 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 12329 http://www.securityfocus.com/bid/12329 Bugtraq: 20060526 rPSA-2006-0083-1 enscript (Google Search) http://www.securityfocus.com/archive/1/435199/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-654 (Google Search) http://www.debian.org/security/2005/dsa-654 http://www.securityfocus.com/archive/1/419768/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658 http://www.redhat.com/support/errata/RHSA-2005-040.html http://securitytracker.com/id?1012965 http://secunia.com/advisories/35074 https://usn.ubuntu.com/68-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: enscript-epsf-command-ececution(19012) https://exchange.xforce.ibmcloud.com/vulnerabilities/19012 Common Vulnerability Exposure (CVE) ID: CVE-2004-1185 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808 XForce ISS Database: enscript-filename-command-execution(19029) https://exchange.xforce.ibmcloud.com/vulnerabilities/19029 Common Vulnerability Exposure (CVE) ID: CVE-2004-1186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11134 XForce ISS Database: enscript-multiple-bo(19033) https://exchange.xforce.ibmcloud.com/vulnerabilities/19033
Copyright	Copyright (C) 2008 E-Soft Inc.