FreeBSD Local Security Checks : FreeBSD Ports: zoo

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56518

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: zoo

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: zoo

CVE-2006-0855
Stack-based buffer overflow in the fullpath function in misc.c for zoo
2.10 and earlier allows user-complicit attackers to execute arbitrary
code via a crafted ZOO file that causes the combine function to return
a longer string than expected.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-0855
BugTraq ID: 16790
http://www.securityfocus.com/bid/16790
Bugtraq: 20060223 zoo contains exploitable buffer overflows (Google Search)
http://www.securityfocus.com/archive/1/425887/100/0/threaded
Bugtraq: 20060403 Barracuda ZOO archiver security bug leads to remote compromise (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html
Debian Security Information: DSA-991 (Google Search)
http://www.debian.org/security/2006/dsa-991
http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml
http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt
http://www.guay-leroux.com/projects/zoo-advisory.txt
http://securitytracker.com/id?1015668
http://securitytracker.com/id?1015866
http://secunia.com/advisories/19002
http://secunia.com/advisories/19130
http://secunia.com/advisories/19148
http://secunia.com/advisories/19166
http://secunia.com/advisories/19408
http://secunia.com/advisories/19514
http://securityreason.com/securityalert/546
SuSE Security Announcement: SUSE-SR:2006:005 (Google Search)
http://www.novell.com/linux/security/advisories/2006_05_sr.html
SuSE Security Announcement: SUSE-SR:2006:006 (Google Search)
http://www.novell.com/linux/security/advisories/2006_06_sr.html
http://www.vupen.com/english/advisories/2006/0705
http://www.vupen.com/english/advisories/2006/1220
XForce ISS Database: zoo-misc-bo(24904)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24904

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56518
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: zoo
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: zoo CVE-2006-0855 Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier allows user-complicit attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0855 BugTraq ID: 16790 http://www.securityfocus.com/bid/16790 Bugtraq: 20060223 zoo contains exploitable buffer overflows (Google Search) http://www.securityfocus.com/archive/1/425887/100/0/threaded Bugtraq: 20060403 Barracuda ZOO archiver security bug leads to remote compromise (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html Debian Security Information: DSA-991 (Google Search) http://www.debian.org/security/2006/dsa-991 http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt http://www.guay-leroux.com/projects/zoo-advisory.txt http://securitytracker.com/id?1015668 http://securitytracker.com/id?1015866 http://secunia.com/advisories/19002 http://secunia.com/advisories/19130 http://secunia.com/advisories/19148 http://secunia.com/advisories/19166 http://secunia.com/advisories/19408 http://secunia.com/advisories/19514 http://securityreason.com/securityalert/546 SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html SuSE Security Announcement: SUSE-SR:2006:006 (Google Search) http://www.novell.com/linux/security/advisories/2006_06_sr.html http://www.vupen.com/english/advisories/2006/0705 http://www.vupen.com/english/advisories/2006/1220 XForce ISS Database: zoo-misc-bo(24904) https://exchange.xforce.ibmcloud.com/vulnerabilities/24904
Copyright	Copyright (C) 2008 E-Soft Inc.