ID de Prueba:	1.3.6.1.4.1.25623.1.0.68267
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:154 (cabextract)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cabextract announced via advisory MDVSA-2010:154. Multiple vulnerabilities has been found and corrected in cabextract: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library (CVE-2010-2800). Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library (CVE-2010-2801). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages provides cabextract 1.3 which is not vulnerable to these issues. Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:154 Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2800 ADV-2010-1903 http://www.vupen.com/english/advisories/2010/1903 [oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode http://marc.info/?l=oss-security&m=128076168623266&w=2 [oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode http://marc.info/?l=oss-security&m=128077976522470&w=2 http://bugs.gentoo.org/show_bug.cgi?id=329891 http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90 http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95 http://www.cabextract.org.uk/#changes https://bugzilla.redhat.com/show_bug.cgi?id=620450 Common Vulnerability Exposure (CVE) ID: CVE-2010-2801 42173 http://www.securityfocus.com/bid/42173 ADV-2010-1997 http://www.vupen.com/english/advisories/2010/1997 DSA-2087 http://www.debian.org/security/2010/dsa-2087 cabextract-archive-code-execution(60891) https://exchange.xforce.ibmcloud.com/vulnerabilities/60891 http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113 http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118 https://bugzilla.redhat.com/show_bug.cgi?id=620454
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.