Test ID: | 1.3.6.1.4.1.25623.1.0.68740 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Security Advisory MDVSA-2011:010 (xfig) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to xfig announced via advisory MDVSA-2011:010.

Multiple vulnerabilities have been found and corrected in xfig:

Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information (CVE-2009-4227).

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c (CVE-2009-4228).

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition (CVE-2010-4262).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:010

Risk factor: High
CVSS Score: 6.8 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-4227
BugTraq ID: 37193
http://www.securityfocus.com/bid/37193
http://www.mandriva.com/security/advisories?name=MDVSA-2011:010
http://www.openwall.com/lists/oss-security/2009/12/03/2
http://secunia.com/advisories/37571
http://secunia.com/advisories/37577
http://www.vupen.com/english/advisories/2011/0108
XForce ISS Database: xfig-read13textobject-bo(54525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54525

Common Vulnerability Exposure (CVE) ID: CVE-2009-4228

Common Vulnerability Exposure (CVE) ID: CVE-2010-4262
42579 http://secunia.com/advisories/42579
45177 http://www.securityfocus.com/bid/45177
ADV-2010-3232 http://www.vupen.com/english/advisories/2010/3232
ADV-2011-0108
FEDORA-2010-18589 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html
MDVSA-2011:010
[oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition http://www.openwall.com/lists/oss-security/2010/12/03/2
[oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition http://www.openwall.com/lists/oss-security/2010/12/06/8
https://bugzilla.redhat.com/show_bug.cgi?id=657981
https://bugzilla.redhat.com/show_bug.cgi?id=659676 |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |