Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:161 (vte)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68249

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:161 (vte)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to vte
announced via advisory MDVSA-2010:161.

A vulnerability has been found and corrected in vte:

The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
allows remote attackers to execute arbitrary commands or obtain
potentially sensitive information via a (1) window title or (2) icon
title sequence. NOTE: this issue exists because of a CVE-2003-0070
regression (CVE-2010-2713).

The updated packages have been patched to correct this issue.

Affected: 2009.1, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:161

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0070
Bugtraq: 20030224 Terminal Emulator Security Issues (Google Search)
http://marc.info/?l=bugtraq&m=104612710031920&w=2
http://seclists.org/lists/bugtraq/2003/Mar/0010.html
http://www.redhat.com/support/errata/RHSA-2003-053.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://www.iss.net/security_center/static/11414.php
Common Vulnerability Exposure (CVE) ID: CVE-2010-2713
BugTraq ID: 41716
http://www.securityfocus.com/bid/41716
http://secunia.com/advisories/40635
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.ubuntu.com/usn/usn-962-1
http://www.vupen.com/english/advisories/2010/1839

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68249
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:161 (vte)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to vte announced via advisory MDVSA-2010:161. A vulnerability has been found and corrected in vte: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713). The updated packages have been patched to correct this issue. Affected: 2009.1, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:161 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0070 Bugtraq: 20030224 Terminal Emulator Security Issues (Google Search) http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://seclists.org/lists/bugtraq/2003/Mar/0010.html http://www.redhat.com/support/errata/RHSA-2003-053.html http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://www.iss.net/security_center/static/11414.php Common Vulnerability Exposure (CVE) ID: CVE-2010-2713 BugTraq ID: 41716 http://www.securityfocus.com/bid/41716 http://secunia.com/advisories/40635 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.ubuntu.com/usn/usn-962-1 http://www.vupen.com/english/advisories/2010/1839
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com