ID de Prueba:	1.3.6.1.4.1.25623.1.0.62931
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:1021
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:1021. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Several buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the special escapes option (-e or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306, CVE-2008-5078) All users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-1021.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3863 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 31858 http://www.securityfocus.com/bid/31858 Bugtraq: 20081022 Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/497647/100/0/threaded Bugtraq: 20081117 rPSA-2008-0321-1 enscript (Google Search) http://www.securityfocus.com/archive/1/498385/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1670 (Google Search) http://www.debian.org/security/2008/dsa-1670 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html http://security.gentoo.org/glsa/glsa-200812-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:243 http://secunia.com/secunia_research/2008-41/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9939 http://www.redhat.com/support/errata/RHSA-2008-1016.html http://www.redhat.com/support/errata/RHSA-2008-1021.html http://rhn.redhat.com/errata/RHSA-2008-1021.html http://secunia.com/advisories/32137 http://secunia.com/advisories/32521 http://secunia.com/advisories/32530 http://secunia.com/advisories/32753 http://secunia.com/advisories/32854 http://secunia.com/advisories/32970 http://secunia.com/advisories/33109 http://secunia.com/advisories/35074 http://securityreason.com/securityalert/4488 SuSE Security Announcement: SUSE-SR:2008:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://www.ubuntu.com/usn/usn-660-1 http://www.vupen.com/english/advisories/2008/2891 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: gnuenscript-readspecialescape-bo(46026) https://exchange.xforce.ibmcloud.com/vulnerabilities/46026 Common Vulnerability Exposure (CVE) ID: CVE-2008-4306 20081117 rPSA-2008-0321-1 enscript 32521 32530 32753 32854 32970 33109 49569 http://osvdb.org/49569 DSA-1670 FEDORA-2008-9351 FEDORA-2008-9372 GLSA-200812-02 MDVSA-2008:243 RHSA-2008:1016 RHSA-2008:1021 SUSE-SR:2008:024 USN-660-1 http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321 https://issues.rpath.com/browse/RPL-2887 oval:org.mitre.oval:def:10718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718 Common Vulnerability Exposure (CVE) ID: CVE-2008-5078 1021401 http://www.securitytracker.com/id?1021401 33181 http://secunia.com/advisories/33181 SUSE-SR:2009:005 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html enscript-recognize-tilde-bo(47680) https://exchange.xforce.ibmcloud.com/vulnerabilities/47680 https://bugzilla.redhat.com/show_bug.cgi?id=473958 oval:org.mitre.oval:def:11807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11807
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.