ID de Prueba:	1.3.6.1.4.1.25623.1.0.57669
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:214-1 (gv)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gv announced via advisory MDKSA-2006:214-1. Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. Packages have been patched to correct this issue. Update: The patch used in the previous update still left the possibility of causing X to consume unusual amounts of memory if gv is used to view a carefully crafted image designed to exploit CVE-2006-5864. This update uses an improved patch to address this issue. Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:214-1 Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5864 BugTraq ID: 20978 http://www.securityfocus.com/bid/20978 Bugtraq: 20061109 GNU gv Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/451057/100/0/threaded Bugtraq: 20061112 Re: GNU gv Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/451422/100/200/threaded Bugtraq: 20061128 evince buffer overflow exploit (gv) (Google Search) http://www.securityfocus.com/archive/1/452868/100/0/threaded CERT/CC vulnerability note: VU#352825 http://www.kb.cert.org/vuls/id/352825 Debian Security Information: DSA-1214 (Google Search) http://www.debian.org/security/2006/dsa-1214 Debian Security Information: DSA-1243 (Google Search) http://www.debian.org/security/2006/dsa-1243 https://www.exploit-db.com/exploits/2858 http://security.gentoo.org/glsa/glsa-200611-20.xml http://security.gentoo.org/glsa/glsa-200703-24.xml http://security.gentoo.org/glsa/glsa-200704-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 http://www.mandriva.com/security/advisories?name=MDKSA-2006:229 http://secunia.com/advisories/22787 http://secunia.com/advisories/22932 http://secunia.com/advisories/23006 http://secunia.com/advisories/23018 http://secunia.com/advisories/23111 http://secunia.com/advisories/23118 http://secunia.com/advisories/23183 http://secunia.com/advisories/23266 http://secunia.com/advisories/23306 http://secunia.com/advisories/23335 http://secunia.com/advisories/23353 http://secunia.com/advisories/23409 http://secunia.com/advisories/23579 http://secunia.com/advisories/24649 http://secunia.com/advisories/24787 SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html SuSE Security Announcement: SUSE-SR:2006:028 (Google Search) http://www.novell.com/linux/security/advisories/2006_28_sr.html SuSE Security Announcement: SUSE-SR:2006:029 (Google Search) http://www.novell.com/linux/security/advisories/2006_29_sr.html http://www.ubuntu.com/usn/usn-390-1 http://www.ubuntu.com/usn/usn-390-2 http://www.ubuntu.com/usn/usn-390-3 http://www.vupen.com/english/advisories/2006/4424 http://www.vupen.com/english/advisories/2006/4747 XForce ISS Database: evince-postscript-bo(30555) https://exchange.xforce.ibmcloud.com/vulnerabilities/30555 XForce ISS Database: gnu-gv-buffer-overflow(30153) https://exchange.xforce.ibmcloud.com/vulnerabilities/30153
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.