Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200608-24 (AlsaPlayer)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57874

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200608-24 (AlsaPlayer)

Resumen: The remote host is missing updates announced in;advisory GLSA 200608-24.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200608-24.

Vulnerability Insight:
AlsaPlayer is vulnerable to multiple buffer overflows which could lead to
the execution of arbitrary code.

Solution:
AlsaPlayer has been masked in Portage pending the resolution of these
issues. AlsaPlayer users are advised to uninstall the package until
further notice:

# emerge --ask --unmerge 'media-sound/alsaplayer'

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4089
BugTraq ID: 19450
http://www.securityfocus.com/bid/19450
Bugtraq: 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 (Google Search)
http://www.securityfocus.com/archive/1/442725/100/0/threaded
Debian Security Information: DSA-1179 (Google Search)
http://www.debian.org/security/2006/dsa-1179
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html
http://security.gentoo.org/glsa/glsa-200608-24.xml
http://aluigi.altervista.org/adv/alsapbof-adv.txt
http://www.osvdb.org/27883
http://www.osvdb.org/27884
http://www.osvdb.org/27885
http://secunia.com/advisories/21422
http://secunia.com/advisories/21639
http://secunia.com/advisories/21749
http://secunia.com/advisories/22018
http://securityreason.com/securityalert/1356
SuSE Security Announcement: SUSE-SR:2006:021 (Google Search)
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://www.vupen.com/english/advisories/2006/3235
XForce ISS Database: alsaplayer-cddblookup-bo(28308)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28308
XForce ISS Database: alsaplayer-gtkplaylist-bo(28307)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28307
XForce ISS Database: alsaplayer-reconnect-bo(28306)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28306

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57874
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200608-24 (AlsaPlayer)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200608-24.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200608-24. Vulnerability Insight: AlsaPlayer is vulnerable to multiple buffer overflows which could lead to the execution of arbitrary code. Solution: AlsaPlayer has been masked in Portage pending the resolution of these issues. AlsaPlayer users are advised to uninstall the package until further notice: # emerge --ask --unmerge 'media-sound/alsaplayer' CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4089 BugTraq ID: 19450 http://www.securityfocus.com/bid/19450 Bugtraq: 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 (Google Search) http://www.securityfocus.com/archive/1/442725/100/0/threaded Debian Security Information: DSA-1179 (Google Search) http://www.debian.org/security/2006/dsa-1179 http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html http://security.gentoo.org/glsa/glsa-200608-24.xml http://aluigi.altervista.org/adv/alsapbof-adv.txt http://www.osvdb.org/27883 http://www.osvdb.org/27884 http://www.osvdb.org/27885 http://secunia.com/advisories/21422 http://secunia.com/advisories/21639 http://secunia.com/advisories/21749 http://secunia.com/advisories/22018 http://securityreason.com/securityalert/1356 SuSE Security Announcement: SUSE-SR:2006:021 (Google Search) http://www.novell.com/linux/security/advisories/2006_21_sr.html http://www.vupen.com/english/advisories/2006/3235 XForce ISS Database: alsaplayer-cddblookup-bo(28308) https://exchange.xforce.ibmcloud.com/vulnerabilities/28308 XForce ISS Database: alsaplayer-gtkplaylist-bo(28307) https://exchange.xforce.ibmcloud.com/vulnerabilities/28307 XForce ISS Database: alsaplayer-reconnect-bo(28306) https://exchange.xforce.ibmcloud.com/vulnerabilities/28306
Copyright	Copyright (C) 2008 E-Soft Inc.