ID de Prueba:	1.3.6.1.4.1.25623.1.0.58394
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:114 (file)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to file announced via advisory MDKSA-2007:114. The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an atacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption (CVE-2007-2026). The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:114 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1536 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 23021 http://www.securityfocus.com/bid/23021 Bugtraq: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search) http://www.securityfocus.com/archive/1/477861/100/0/threaded Bugtraq: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search) http://www.securityfocus.com/archive/1/477950/100/0/threaded CERT/CC vulnerability note: VU#606700 http://www.kb.cert.org/vuls/id/606700 Debian Security Information: DSA-1274 (Google Search) http://www.debian.org/security/2007/dsa-1274 FreeBSD Security Advisory: FreeBSD-SA-07:04 http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc http://security.gentoo.org/glsa/glsa-200703-26.xml http://security.gentoo.org/glsa/glsa-200710-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:067 http://mx.gw.com/pipermail/file/2007/000161.html NETBSD Security Advisory: NetBSD-SA2008-001 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc OpenBSD Security Advisory: [4.0] 20070709 015: SECURITY FIX: July 9, 2007 http://openbsd.org/errata40.html#015_file https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658 http://www.redhat.com/support/errata/RHSA-2007-0124.html http://www.securitytracker.com/id?1017796 http://secunia.com/advisories/24548 http://secunia.com/advisories/24592 http://secunia.com/advisories/24604 http://secunia.com/advisories/24608 http://secunia.com/advisories/24616 http://secunia.com/advisories/24617 http://secunia.com/advisories/24723 http://secunia.com/advisories/24754 http://secunia.com/advisories/25133 http://secunia.com/advisories/25393 http://secunia.com/advisories/25402 http://secunia.com/advisories/25931 http://secunia.com/advisories/25989 http://secunia.com/advisories/27307 http://secunia.com/advisories/27314 http://secunia.com/advisories/29179 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926 SuSE Security Announcement: SUSE-SA:2007:040 (Google Search) http://www.novell.com/linux/security/advisories/2007_40_file.html SuSE Security Announcement: SUSE-SR:2007:005 (Google Search) http://www.novell.com/linux/security/advisories/2007_5_sr.html http://www.ubuntu.com/usn/usn-439-1 http://www.vupen.com/english/advisories/2007/1040 http://www.vupen.com/english/advisories/2007/1939 XForce ISS Database: openbsd-file-bo(36283) https://exchange.xforce.ibmcloud.com/vulnerabilities/36283 Common Vulnerability Exposure (CVE) ID: CVE-2007-2799 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 24146 http://www.securityfocus.com/bid/24146 Bugtraq: 20070524 FLEA-2007-0022-1: file (Google Search) http://www.securityfocus.com/archive/1/469520/30/6420/threaded Debian Security Information: DSA-1343 (Google Search) http://www.debian.org/security/2007/dsa-1343 http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:114 http://osvdb.org/38498 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012 http://www.redhat.com/support/errata/RHSA-2007-0391.html http://www.securitytracker.com/id?1018140 http://secunia.com/advisories/25394 http://secunia.com/advisories/25544 http://secunia.com/advisories/25578 http://secunia.com/advisories/26203 http://secunia.com/advisories/26294 http://secunia.com/advisories/26415 http://secunia.com/advisories/29420 http://www.trustix.org/errata/2007/0024/ http://www.ubuntu.com/usn/usn-439-2 http://www.vupen.com/english/advisories/2007/2071 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: file-assert-code-execution(34731) https://exchange.xforce.ibmcloud.com/vulnerabilities/34731 Common Vulnerability Exposure (CVE) ID: CVE-2007-2026 http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user http://secunia.com/advisories/24918
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.