ID de Prueba:	1.3.6.1.4.1.25623.1.0.56941
Categoría:	Trustix Local Security Checks
Título:	Trustix Security Advisory TSLSA-2006-0034 (Multiple packages)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0034. binutils < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: A vulnerability has been identified which could be exploited by attackers to execute arbitrary code or cause a denial of service. This flaw is due to a buffer overflow error in the libbfd library [bfd/tekhex.c] when processing a file containing malformed a Tektronix Hex Format (TekHex) record, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a malicious file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2362 to this issue. mysql < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in MySQL caused due to an error within the server when parsing a query string that is escaped with the mysql_real_escape_string() function. This can potentially be exploited in an environment that uses multi-byte character encoding to bypass SQL injection escaping. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2753 to this issue. spamassassin < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to compromise a vulnerable system. SpamAssassin when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2447 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0034 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2362 http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html BugTraq ID: 17950 http://www.securityfocus.com/bid/17950 http://www.mail-archive.com/bug-binutils@gnu.org/msg01516.html http://www.securitytracker.com/id?1018872 http://secunia.com/advisories/20188 http://secunia.com/advisories/20531 http://secunia.com/advisories/20550 http://secunia.com/advisories/22932 http://secunia.com/advisories/27441 SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.trustix.org/errata/2006/0034/ http://www.ubuntu.com/usn/usn-292-1 http://www.vupen.com/english/advisories/2006/1924 http://www.vupen.com/english/advisories/2007/3665 XForce ISS Database: binutils-libbfd-bo(26644) https://exchange.xforce.ibmcloud.com/vulnerabilities/26644 Common Vulnerability Exposure (CVE) ID: CVE-2006-2753 1016216 http://securitytracker.com/id?1016216 18219 http://www.securityfocus.com/bid/18219 2006-0034 20365 http://secunia.com/advisories/20365 20489 http://secunia.com/advisories/20489 20531 20541 http://secunia.com/advisories/20541 20562 http://secunia.com/advisories/20562 20625 http://secunia.com/advisories/20625 20712 http://secunia.com/advisories/20712 24479 http://secunia.com/advisories/24479 ADV-2006-2105 http://www.vupen.com/english/advisories/2006/2105 ADV-2007-0930 http://www.vupen.com/english/advisories/2007/0930 APPLE-SA-2007-03-13 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html DSA-1092 http://www.debian.org/security/2006/dsa-1092 GLSA-200606-13 http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml MDKSA-2006:097 http://www.mandriva.com/security/advisories?name=MDKSA-2006:097 RHSA-2006:0544 http://www.redhat.com/support/errata/RHSA-2006-0544.html TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html USN-288-3 http://www.ubuntu.com/usn/usn-288-3 USN-303-1 https://usn.ubuntu.com/303-1/ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735 http://docs.info.apple.com/article.html?artnum=305214 http://lists.mysql.com/announce/364 mysql-ascii-sql-injection(26875) https://exchange.xforce.ibmcloud.com/vulnerabilities/26875 oval:org.mitre.oval:def:10312 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10312 Common Vulnerability Exposure (CVE) ID: CVE-2006-2447 1016230 http://securitytracker.com/id?1016230 1016235 http://securitytracker.com/id?1016235 18290 http://www.securityfocus.com/bid/18290 20060607 rPSA-2006-0096-1 spamassassin http://www.securityfocus.com/archive/1/436288/100/0/threaded 20430 http://secunia.com/advisories/20430 20443 http://secunia.com/advisories/20443 20482 http://secunia.com/advisories/20482 20566 http://secunia.com/advisories/20566 20692 http://secunia.com/advisories/20692 ADV-2006-2148 http://www.vupen.com/english/advisories/2006/2148 DSA-1090 http://www.debian.org/security/2006/dsa-1090 GLSA-200606-09 http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml MDKSA-2006:103 http://www.mandriva.com/security/advisories?name=MDKSA-2006:103 RHSA-2006:0543 http://www.redhat.com/support/errata/RHSA-2006-0543.html http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html oval:org.mitre.oval:def:9184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184 spamassassin-spamd-command-execution(27008) https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.