ID de Prueba:	1.3.6.1.4.1.25623.1.0.53992
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:569
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:569. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2096 to this issue. Please note that the versions of Zlib as shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-569.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 14162 Common Vulnerability Exposure (CVE) ID: CVE-2005-2096 1014398 http://securitytracker.com/id?1014398 101989 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1 14162 http://www.securityfocus.com/bid/14162 15949 http://secunia.com/advisories/15949 17054 http://secunia.com/advisories/17054 17225 http://secunia.com/advisories/17225 17236 http://secunia.com/advisories/17236 17326 http://secunia.com/advisories/17326 17516 http://secunia.com/advisories/17516 18377 http://secunia.com/advisories/18377 18406 http://secunia.com/advisories/18406 18507 http://secunia.com/advisories/18507 19550 http://secunia.com/advisories/19550 19597 http://secunia.com/advisories/19597 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates http://www.securityfocus.com/archive/1/464745/100/0/threaded 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) http://www.securityfocus.com/archive/1/482505/100/0/threaded 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482503/100/0/threaded 20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482571/100/0/threaded 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482601/100/0/threaded 20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482949/100/0/threaded 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482950/100/0/threaded 24788 http://secunia.com/advisories/24788 31492 http://secunia.com/advisories/31492 32706 http://secunia.com/advisories/32706 ADV-2005-0978 http://www.vupen.com/english/advisories/2005/0978 ADV-2006-0144 http://www.vupen.com/english/advisories/2006/0144 ADV-2007-1267 http://www.vupen.com/english/advisories/2007/1267 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html APPLE-SA-2008-11-13 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html DSA-1026 http://www.debian.org/security/2006/dsa-1026 DSA-740 http://www.debian.org/security/2005/dsa-740 DSA-797 http://www.debian.org/security/2005/dsa-797 FLSA:162680 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 FreeBSD-SA-05:16.zlib ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc GLSA-200507-05 http://security.gentoo.org/glsa/glsa-200507-05.xml GLSA-200509-18 http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml HPSBUX02090 http://www.securityfocus.com/archive/1/421411/100/0/threaded MDKSA-2005:112 http://www.mandriva.com/security/advisories?name=MDKSA-2005:112 MDKSA-2005:196 http://www.mandriva.com/security/advisories?name=MDKSA-2005:196 MDKSA-2006:070 http://www.mandriva.com/security/advisories?name=MDKSA-2006:070 RHSA-2005:569 http://www.redhat.com/support/errata/RHSA-2005-569.html RHSA-2008:0629 http://www.redhat.com/support/errata/RHSA-2008-0629.html SCOSA-2006.6 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt SSRT051058 USN-148-1 https://usn.ubuntu.com/148-1/ USN-151-3 http://www.ubuntulinux.org/usn/usn-151-3 VU#680620 http://www.kb.cert.org/vuls/id/680620 hpux-secure-shell-dos(24064) https://exchange.xforce.ibmcloud.com/vulnerabilities/24064 http://support.apple.com/kb/HT3298 http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391 oval:org.mitre.oval:def:11500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500 oval:org.mitre.oval:def:1262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262 oval:org.mitre.oval:def:1542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.