ID de Prueba:	1.3.6.1.4.1.25623.1.0.66403
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:231-1 (htmldoc)
Resumen:	The remote host is missing an update to htmldoc;announced via advisory MDVSA-2009:231-1.
Descripción:	Summary: The remote host is missing an update to htmldoc announced via advisory MDVSA-2009:231-1. Vulnerability Insight: A security vulnerability has been identified and fixed in htmldoc: Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries (CVE-2009-3050). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3050 http://packetstormsecurity.org/0907-exploits/htmldoc-overflow.txt http://www.openwall.com/lists/oss-security/2009/07/25/3 http://www.openwall.com/lists/oss-security/2009/07/26/2 http://www.openwall.com/lists/oss-security/2009/09/01/1 http://secunia.com/advisories/35780
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.