 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.64993 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2009:1471 |
| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:1471.;;ELinks is a text-based Web browser. ELinks does not display any images, but;it does support frames, tables, and most other HTML tags.;;An off-by-one buffer overflow flaw was discovered in the way ELinks handled;its internal cache of string representations for HTML special entities. A;remote attacker could use this flaw to create a specially-crafted HTML file;that would cause ELinks to crash or, possibly, execute arbitrary code when;rendered. (CVE-2008-7224);;It was discovered that ELinks tried to load translation files using;relative paths. A local attacker able to trick a victim into running ELinks;in a folder containing specially-crafted translation files could use this;flaw to confuse the victim via incorrect translations, or cause ELinks to;crash and possibly execute arbitrary code via embedded formatting sequences;in translated messages. (CVE-2007-2027);;All ELinks users are advised to upgrade to this updated package, which;contains backported patches to resolve these issues. |
| Descripción: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1471. ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker could use this flaw to create a specially-crafted HTML file that would cause ELinks to crash or, possibly, execute arbitrary code when rendered. (CVE-2008-7224) It was discovered that ELinks tried to load translation files using relative paths. A local attacker able to trick a victim into running ELinks in a folder containing specially-crafted translation files could use this flaw to confuse the victim via incorrect translations, or cause ELinks to crash and possibly execute arbitrary code via embedded formatting sequences in translated messages. (CVE-2007-2027) All ELinks users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-2027 BugTraq ID: 23844 http://www.securityfocus.com/bid/23844 http://security.gentoo.org/glsa/glsa-200706-03.xml http://osvdb.org/35668 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741 http://secunia.com/advisories/25169 http://secunia.com/advisories/25198 http://secunia.com/advisories/25255 http://secunia.com/advisories/25550 http://www.trustix.org/errata/2007/0017/ http://www.ubuntu.com/usn/usn-457-1 http://www.vupen.com/english/advisories/2007/1686 Common Vulnerability Exposure (CVE) ID: CVE-2008-7224 http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html http://osvdb.org/41949 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |