 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.831715 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandriva Update for libtiff MDVSA-2012:127 (libtiff) |
| Resumen: | The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was found and corrected in libtiff: A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401). The updated packages have been patched to correct this issue. Affected Software/OS: libtiff on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3401 49938 http://secunia.com/advisories/49938 50007 http://secunia.com/advisories/50007 50726 http://secunia.com/advisories/50726 54601 http://www.securityfocus.com/bid/54601 84090 http://osvdb.org/84090 DSA-2552 http://www.debian.org/security/2012/dsa-2552 GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:127 http://www.mandriva.com/security/advisories?name=MDVSA-2012:127 RHSA-2012:1590 http://rhn.redhat.com/errata/RHSA-2012-1590.html USN-1511-1 http://www.ubuntu.com/usn/USN-1511-1 [oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/4 [oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/1 http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.redhat.com/attachment.cgi?id=596457 https://bugzilla.redhat.com/show_bug.cgi?id=837577 libtiff-t2preadtiffinit-bo(77088) https://exchange.xforce.ibmcloud.com/vulnerabilities/77088 openSUSE-SU-2012:0955 http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |