Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200701-06 (w3m)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57966

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200701-06 (w3m)

Resumen: The remote host is missing updates announced in;advisory GLSA 200701-06.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200701-06.

Vulnerability Insight:
w3m does not correctly handle format string specifiers in SSL certificates.

Solution:
All w3m users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/w3m-0.5.1-r4'

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-6772
BugTraq ID: 21735
http://www.securityfocus.com/bid/21735
BugTraq ID: 24332
http://www.securityfocus.com/bid/24332
http://fedoranews.org/cms/node/2415
http://fedoranews.org/cms/node/2416
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html
http://security.gentoo.org/glsa/glsa-200701-06.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html
http://securitytracker.com/id?1017440
http://secunia.com/advisories/23492
http://secunia.com/advisories/23588
http://secunia.com/advisories/23717
http://secunia.com/advisories/23773
http://secunia.com/advisories/23792
SuSE Security Announcement: SUSE-SA:2007:005 (Google Search)
http://www.novell.com/linux/security/advisories/2007_05_w3m.html
http://www.ubuntu.com/usn/usn-399-1
http://www.vupen.com/english/advisories/2006/5164
XForce ISS Database: w3m-certificate-format-string(31114)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31114
XForce ISS Database: w3m-inputanswer-format-string(34821)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34821

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57966
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200701-06 (w3m)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200701-06.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200701-06. Vulnerability Insight: w3m does not correctly handle format string specifiers in SSL certificates. Solution: All w3m users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/w3m-0.5.1-r4' CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6772 BugTraq ID: 21735 http://www.securityfocus.com/bid/21735 BugTraq ID: 24332 http://www.securityfocus.com/bid/24332 http://fedoranews.org/cms/node/2415 http://fedoranews.org/cms/node/2416 http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html http://security.gentoo.org/glsa/glsa-200701-06.xml http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html http://securitytracker.com/id?1017440 http://secunia.com/advisories/23492 http://secunia.com/advisories/23588 http://secunia.com/advisories/23717 http://secunia.com/advisories/23773 http://secunia.com/advisories/23792 SuSE Security Announcement: SUSE-SA:2007:005 (Google Search) http://www.novell.com/linux/security/advisories/2007_05_w3m.html http://www.ubuntu.com/usn/usn-399-1 http://www.vupen.com/english/advisories/2006/5164 XForce ISS Database: w3m-certificate-format-string(31114) https://exchange.xforce.ibmcloud.com/vulnerabilities/31114 XForce ISS Database: w3m-inputanswer-format-string(34821) https://exchange.xforce.ibmcloud.com/vulnerabilities/34821
Copyright	Copyright (C) 2008 E-Soft Inc.