Conectiva Local Security Checks : Conectiva Security Advisory CLSA-2005:1007

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55316

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLSA-2005:1007

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLSA-2005:1007.

netpbm are tools for manipulating graphic files in
many formats.

pstopnm did not properly use the '-dSAFER' option when
calling Ghostscript to convert a PostScript file into
a PBM, PGM, or PNM file, which allows remote attackers
to execute arbitrary commands.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001007
http://netpbm.sourceforge.net/

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 14379
Common Vulnerability Exposure (CVE) ID: CVE-2005-2471
http://www.securityfocus.com/bid/14379
Debian Security Information: DSA-1021 (Google Search)
http://www.debian.org/security/2006/dsa-1021
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
http://www.osvdb.org/18253
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645
http://www.redhat.com/support/errata/RHSA-2005-743.html
http://securitytracker.com/id?1014752
http://secunia.com/advisories/16184
http://secunia.com/advisories/18330
http://secunia.com/advisories/19436
SuSE Security Announcement: SUSE-SR:2005:019 (Google Search)
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.trustix.org/errata/2005/0038/
XForce ISS Database: netpbm-dsafer-command-execution(21500)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21500

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55316
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLSA-2005:1007
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLSA-2005:1007. netpbm are tools for manipulating graphic files in many formats. pstopnm did not properly use the '-dSAFER' option when calling Ghostscript to convert a PostScript file into a PBM, PGM, or PNM file, which allows remote attackers to execute arbitrary commands. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001007 http://netpbm.sourceforge.net/ Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 14379 Common Vulnerability Exposure (CVE) ID: CVE-2005-2471 http://www.securityfocus.com/bid/14379 Debian Security Information: DSA-1021 (Google Search) http://www.debian.org/security/2006/dsa-1021 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757 http://www.osvdb.org/18253 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645 http://www.redhat.com/support/errata/RHSA-2005-743.html http://securitytracker.com/id?1014752 http://secunia.com/advisories/16184 http://secunia.com/advisories/18330 http://secunia.com/advisories/19436 SuSE Security Announcement: SUSE-SR:2005:019 (Google Search) http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.trustix.org/errata/2005/0038/ XForce ISS Database: netpbm-dsafer-command-execution(21500) https://exchange.xforce.ibmcloud.com/vulnerabilities/21500
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com