English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 61204 Descripciones CVE y
32582 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.70675
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2012:0095
Resumen:Redhat Security Advisory RHSA-2012:0095
Descripción:The remote host is missing updates announced in
advisory RHSA-2012:0095.

Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

An integer overflow flaw was found in Ghostscript's TrueType bytecode
interpreter. An attacker could create a specially-crafted PostScript or PDF
file that, when interpreted, could cause Ghostscript to crash or,
potentially, execute arbitrary code. (CVE-2009-3743)

It was found that Ghostscript always tried to read Ghostscript system
initialization files from the current working directory before checking
other directories, even if a search path that did not contain the current
working directory was specified with the -I option, or the -P- option
was used (to prevent the current working directory being searched first).
If a user ran Ghostscript in an attacker-controlled directory containing a
system initialization file, it could cause Ghostscript to execute arbitrary
PostScript code. (CVE-2010-2055)

Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the -P- option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing
configurations. To use the previous, vulnerable behavior, run Ghostscript
with the -P option (to always search the current working directory
first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and
PostScript Type 2 font files. An attacker could create a specially-crafted
PostScript Type 1 or PostScript Type 2 font file that, when interpreted,
could cause Ghostscript to crash or, potentially, execute arbitrary code.
(CVE-2010-4054)

Users of Ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-0095.html

Risk factor : Medium
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3743
Bugtraq: 20101125 TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514892/100/0/threaded
http://www.kb.cert.org/vuls/id/JALR-87YGN8
CERT/CC vulnerability note: VU#644319
http://www.kb.cert.org/vuls/id/644319
http://www.securitytracker.com/id?1024785
Common Vulnerability Exposure (CVE) ID: CVE-2010-2055
Bugtraq: 20100522 Ghostscript 8.64 executes random code at startup (Google Search)
http://www.securityfocus.com/archive/1/511433
Bugtraq: 20100526 Re: Ghostscript 8.64 executes random code at startup (Google Search)
http://www.securityfocus.com/archive/1/511472
http://www.securityfocus.com/archive/1/511474
http://www.securityfocus.com/archive/1/511476
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.osvdb.org/66247
http://secunia.com/advisories/40452
http://secunia.com/advisories/40475
http://secunia.com/advisories/40532
http://www.vupen.com/english/advisories/2010/1757
Common Vulnerability Exposure (CVE) ID: CVE-2010-4054
http://ghostscript.com/pipermail/gs-cvs/2010-January/010333.html
CERT/CC vulnerability note: VU#538191
http://www.kb.cert.org/vuls/id/538191
Common Vulnerability Exposure (CVE) ID: CVE-2010-4820
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.