Test ID: | 1.3.6.1.4.1.25623.1.0.69383 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-1104-1 (ffmpeg) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to ffmpeg announced via advisory USN-1104-1.

Details follow:

Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. If a user were tricked into opening a crafted flic file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed wmv files. If a user were tricked into opening a crafted wmv file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3908)

It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-4704)

It was discovered that FFmpeg incorrectly handled certain malformed WebM files. If a user were tricked into opening a crafted WebM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0480)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed RealMedia files. If a user were tricked into opening a crafted RealMedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2011-0722)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed VC1 files. If a user were tricked into opening a crafted VC1 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0723)

Solution:
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libavcodec1d 3:0.cvs20070307-5ubuntu7.6
  libavformat1d 3:0.cvs20070307-5ubuntu7.6

Ubuntu 9.10:
  libavcodec52 4:0.5+svn20090706-2ubuntu2.3
  libavformat52 4:0.5+svn20090706-2ubuntu2.3

Ubuntu 10.04 LTS:
  libavcodec52 4:0.5.1-1ubuntu1.1
  libavformat52 4:0.5.1-1ubuntu1.1

Ubuntu 10.10:
  libavcodec52 4:0.6-2ubuntu6.1
  libavformat52 4:0.6-2ubuntu6.1

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1104-1

Risk factor: Critical
CVSS Score: 9.3 |
Cross Reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2010-3429
  Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
  http://www.securityfocus.com/archive/1/514009/100/0/threaded
  Debian Security Information: DSA-2165
  http://www.debian.org/security/2011/dsa-2165
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
  http://www.ocert.org/advisories/ocert-2010-004.html
  http://www.openwall.com/lists/oss-security/2010/09/28/4
  http://secunia.com/advisories/41626
  http://secunia.com/advisories/43323
  http://www.ubuntu.com/usn/usn-1104-1/
  http://www.vupen.com/english/advisories/2010/2517
  http://www.vupen.com/english/advisories/2010/2518
  http://www.vupen.com/english/advisories/2011/1241

Common Vulnerability Exposure (CVE) ID: CVE-2010-3908
  Debian Security Information: DSA-2306
  http://www.debian.org/security/2011/dsa-2306

Common Vulnerability Exposure (CVE) ID: CVE-2010-4704
  BugTraq ID: 46294
  http://www.securityfocus.com/bid/46294

Common Vulnerability Exposure (CVE) ID: CVE-2011-0480
  BugTraq ID: 45788
  http://www.securityfocus.com/bid/45788
  http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
  http://osvdb.org/70463
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380
  http://secunia.com/advisories/42951
  XForce ISS Database: chrome-vorbis-bo(64671)
  https://exchange.xforce.ibmcloud.com/vulnerabilities/64671

Common Vulnerability Exposure (CVE) ID: CVE-2011-0722
  BugTraq ID: 47149
  http://www.securityfocus.com/bid/47149

Common Vulnerability Exposure (CVE) ID: CVE-2011-0723
  BugTraq ID: 47151
  http://www.securityfocus.com/bid/47151
  http://ffmpeg.mplayerhq.hu/ |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |