English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.57409
Categoría:Trustix Local Security Checks
Título:Trustix Security Advisory TSLSA-2006-0052 (Multiple packages)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0052.

freetype < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- Enable bytecode hinting, Bug #1933.
- SECURITY FIX: Chris Evans discovered several integer underflow
and overflow flaws in the FreeType font engine. If a specially
crafted font file that, when loaded by the target user's system,
will trigger an integer underflow or integer overflow and crash
the application or execute arbitrary code on the target system.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-3467 to this issue.

gnutls < TSL 3.0 >
- SECURITY Fix: A vulnerability has been reported in GnuTLS, caused
due to an error in the verification of certain signatures. If a
RSA key with exponent 3 is used, it may be possible to forge PKCS
#1 v1.5 signatures signed with that key.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-4790 to this issue.

gzip < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Tavis Ormandy, Google Security Team, has reported
some vulnerabilities in gzip, which can be exploited by malicious
people to cause a DoS and potentially compromise a vulnerable system.
- Fix null pointer dereference that may lead to denial of service if
gzip is used in an automated manner.
- A boundary error within the make_table() function in unlzh.c can be
used to modify certain stack data. This can be exploited to cause a
DoS and potentially allows to execute arbitrary code.
- A buffer underflow exists within the build_tree() function in
unpack.c, which can be exploited to cause a DoS and potentially
allows to execute arbitrary code.
- A buffer overflow within the make_table() function of gzip's LZH
support can be exploited to cause a DoS and potentially to compromise
a vulnerable system by e.g. tricking a user or automated system into
unpacking an archive containing a specially crafted decoding table.
- unlzh.c in the LHZ component in gzip allows context-dependent
attackers to cause a denial of service (infinite loop) via a crafted
GZIP archive.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-4334, CVE-2006-4335, CVE-2006-4336,
CVE-2006-4337 and CVE-2006-4338 to these issues.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0052

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-3467
1016522
http://securitytracker.com/id?1016522
102705
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
2006-0052
http://www.trustix.org/errata/2006/0052/
20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
20060825 rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/444318/100/0/threaded
20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
http://www.securityfocus.com/archive/1/451419/100/200/threaded
20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
http://www.securityfocus.com/archive/1/451404/100/0/threaded
20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451417/100/200/threaded
20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451426/100/200/threaded
21062
http://secunia.com/advisories/21062
21135
http://secunia.com/advisories/21135
21144
http://secunia.com/advisories/21144
21232
http://secunia.com/advisories/21232
21285
http://secunia.com/advisories/21285
21566
http://secunia.com/advisories/21566
21567
http://secunia.com/advisories/21567
21606
http://secunia.com/advisories/21606
21626
http://secunia.com/advisories/21626
21701
http://secunia.com/advisories/21701
21793
http://secunia.com/advisories/21793
21798
http://secunia.com/advisories/21798
21836
http://secunia.com/advisories/21836
22027
http://secunia.com/advisories/22027
22332
http://secunia.com/advisories/22332
22875
http://secunia.com/advisories/22875
22907
http://secunia.com/advisories/22907
23400
http://secunia.com/advisories/23400
23939
http://secunia.com/advisories/23939
27271
http://secunia.com/advisories/27271
33937
http://secunia.com/advisories/33937
ADV-2006-4502
http://www.vupen.com/english/advisories/2006/4502
ADV-2006-4522
http://www.vupen.com/english/advisories/2006/4522
ADV-2007-0381
http://www.vupen.com/english/advisories/2007/0381
APPLE-SA-2009-02-12
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
DSA-1178
http://www.debian.org/security/2006/dsa-1178
DSA-1193
http://www.debian.org/security/2006/dsa-1193
GLSA-200609-04
http://security.gentoo.org/glsa/glsa-200609-04.xml
MDKSA-2006:129
http://www.mandriva.com/security/advisories?name=MDKSA-2006:129
MDKSA-2006:148
http://www.mandriva.com/security/advisories?name=MDKSA-2006:148
RHSA-2006:0500
http://www.redhat.com/support/errata/RHSA-2006-0500.html
RHSA-2006:0634
http://www.redhat.com/support/errata/RHSA-2006-0634.html
RHSA-2006:0635
http://www.redhat.com/support/errata/RHSA-2006-0635.html
SUSE-SA:2006:045
http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html
SUSE-SR:2007:021
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
USN-324-1
http://www.ubuntu.com/usn/usn-324-1
USN-341-1
http://www.ubuntu.com/usn/usn-341-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-186.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-284.htm
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
oval:org.mitre.oval:def:10673
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10673
Common Vulnerability Exposure (CVE) ID: CVE-2006-4790
1016844
http://securitytracker.com/id?1016844
102648
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
102970
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
20027
http://www.securityfocus.com/bid/20027
21937
http://secunia.com/advisories/21937
21942
http://secunia.com/advisories/21942
21973
http://secunia.com/advisories/21973
22049
http://secunia.com/advisories/22049
22080
http://secunia.com/advisories/22080
22084
http://secunia.com/advisories/22084
22097
http://secunia.com/advisories/22097
22226
http://secunia.com/advisories/22226
22992
http://secunia.com/advisories/22992
25762
http://secunia.com/advisories/25762
ADV-2006-3635
http://www.vupen.com/english/advisories/2006/3635
ADV-2006-3899
http://www.vupen.com/english/advisories/2006/3899
ADV-2007-2289
http://www.vupen.com/english/advisories/2007/2289
DSA-1182
http://www.debian.org/security/2006/dsa-1182
GLSA-200609-15
http://security.gentoo.org/glsa/glsa-200609-15.xml
MDKSA-2006:166
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
RHSA-2006:0680
http://www.redhat.com/support/errata/RHSA-2006-0680.html
SUSE-SA:2007:010
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
USN-348-1
http://www.ubuntu.com/usn/usn-348-1
[gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
[gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
gnutls-rsakey-security-bypass(28953)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28953
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.gnu.org/software/gnutls/security.html
oval:org.mitre.oval:def:9937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937
Common Vulnerability Exposure (CVE) ID: CVE-2006-4334
1016883
http://securitytracker.com/id?1016883
102766
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
20060919 rPSA-2006-0170-1 gzip
http://www.securityfocus.com/archive/1/446426/100/0/threaded
20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
20070330 VMSA-2007-0002 VMware ESX security updates
http://www.securityfocus.com/archive/1/464268/100/0/threaded
20101
http://www.securityfocus.com/bid/20101
21996
http://secunia.com/advisories/21996
22002
http://secunia.com/advisories/22002
22009
http://secunia.com/advisories/22009
22012
http://secunia.com/advisories/22012
22017
http://secunia.com/advisories/22017
22033
http://secunia.com/advisories/22033
22034
http://secunia.com/advisories/22034
22043
http://secunia.com/advisories/22043
22085
http://secunia.com/advisories/22085
22101
http://secunia.com/advisories/22101
22435
http://secunia.com/advisories/22435
22487
http://secunia.com/advisories/22487
22661
http://secunia.com/advisories/22661
23155
http://secunia.com/advisories/23155
23679
http://secunia.com/advisories/23679
24435
http://secunia.com/advisories/24435
24636
http://secunia.com/advisories/24636
ADV-2006-4275
http://www.vupen.com/english/advisories/2006/4275
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2007-0092
http://www.vupen.com/english/advisories/2007/0092
ADV-2007-0832
http://www.vupen.com/english/advisories/2007/0832
ADV-2007-1171
http://www.vupen.com/english/advisories/2007/1171
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1181
http://www.us.debian.org/security/2006/dsa-1181
FLSA:211760
http://www.securityfocus.com/archive/1/451324/100/0/threaded
FreeBSD-SA-06:21
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
GLSA-200609-13
http://security.gentoo.org/glsa/glsa-200609-13.xml
HPSBTU02168
http://www.securityfocus.com/archive/1/450078/100/0/threaded
HPSBUX02195
http://www.securityfocus.com/archive/1/462007/100/0/threaded
MDKSA-2006:167
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
OpenPKG-SA-2006.020
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
RHSA-2006:0667
http://www.redhat.com/support/errata/RHSA-2006-0667.html
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
SSRT061237
SUSE-SA:2006:056
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-349-1
http://www.ubuntu.com/usn/usn-349-1
VU#933712
http://www.kb.cert.org/vuls/id/933712
gzip-huftbuild-code-execution(29038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29038
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
https://issues.rpath.com/browse/RPL-615
oval:org.mitre.oval:def:10527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527
Common Vulnerability Exposure (CVE) ID: CVE-2006-4335
23153
http://secunia.com/advisories/23153
23156
http://secunia.com/advisories/23156
ADV-2006-3695
http://www.vupen.com/english/advisories/2006/3695
ADV-2006-4760
http://www.vupen.com/english/advisories/2006/4760
GLSA-200611-24
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
VU#381508
http://www.kb.cert.org/vuls/id/381508
gzip-lzh-array-code-execution(29040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29040
oval:org.mitre.oval:def:10391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10391
Common Vulnerability Exposure (CVE) ID: CVE-2006-4336
VU#554780
http://www.kb.cert.org/vuls/id/554780
gzip-unpack-buffer-underflow(29042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29042
oval:org.mitre.oval:def:10140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10140
Common Vulnerability Exposure (CVE) ID: CVE-2006-4337
oval:org.mitre.oval:def:11212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4338
29008
http://www.osvdb.org/29008
gzip-lhz-dos(29046)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29046
oval:org.mitre.oval:def:11290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11290
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.