ID de Prueba:	1.3.6.1.4.1.25623.1.0.60632
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: bzip2
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: bzip2 CVE-2008-1372 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1372 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html BugTraq ID: 28286 http://www.securityfocus.com/bid/28286 Bugtraq: 20080321 rPSA-2008-0118-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/489968/100/0/threaded Bugtraq: 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 (Google Search) http://www.securityfocus.com/archive/1/498863/100/0/threaded Cert/CC Advisory: TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html CERT/CC vulnerability note: VU#813451 http://www.kb.cert.org/vuls/id/813451 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml http://security.gentoo.org/glsa/glsa-200903-40.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:075 http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467 http://www.redhat.com/support/errata/RHSA-2008-0893.html http://www.securitytracker.com/id?1020867 http://secunia.com/advisories/29410 http://secunia.com/advisories/29475 http://secunia.com/advisories/29497 http://secunia.com/advisories/29506 http://secunia.com/advisories/29656 http://secunia.com/advisories/29677 http://secunia.com/advisories/29698 http://secunia.com/advisories/29940 http://secunia.com/advisories/31204 http://secunia.com/advisories/31869 http://secunia.com/advisories/31878 http://secunia.com/advisories/36096 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html https://usn.ubuntu.com/590-1/ http://www.vupen.com/english/advisories/2008/0915 http://www.vupen.com/english/advisories/2008/2557 http://www.vupen.com/english/advisories/2009/2172 XForce ISS Database: bzip2-archives-code-execution(41249) https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.