 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.63626 |
| Categoría: | FreeBSD Local Security Checks |
| Título: | FreeBSD Ports: gstreamer-plugins-good |
| Resumen: | The remote host is missing an update to the system; as announced in the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: gstreamer-plugins-good CVE-2009-0386 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file. CVE-2009-0387 Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to 'mark keyframes.' CVE-2009-0397 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0386 BugTraq ID: 33405 http://www.securityfocus.com/bid/33405 Bugtraq: 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500317/100/0/threaded http://security.gentoo.org/glsa/glsa-200907-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:035 http://trapkit.de/advisories/TKADV2009-003.txt http://www.openwall.com/lists/oss-security/2009/01/29/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306 http://www.redhat.com/support/errata/RHSA-2009-0271.html http://secunia.com/advisories/33650 http://secunia.com/advisories/33815 http://secunia.com/advisories/34336 http://secunia.com/advisories/35777 SuSE Security Announcement: SUSE-SR:2009:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://www.ubuntu.com/usn/USN-736-1 http://www.vupen.com/english/advisories/2009/0225 Common Vulnerability Exposure (CVE) ID: CVE-2009-0387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10611 Common Vulnerability Exposure (CVE) ID: CVE-2009-0397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9942 http://www.redhat.com/support/errata/RHSA-2009-0270.html http://secunia.com/advisories/33830 XForce ISS Database: gstreamer-qtdemuxparse-bo(48555) https://exchange.xforce.ibmcloud.com/vulnerabilities/48555 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |