
Test ID: 1.3.6.1.4.1.25623.1.0.871616
Category: Red Hat Local Security Checks
Title: RedHat Update for file RHSA-2016:0760-01
Summary: The remote host is missing an update for the 'file' package(s) announced via the referenced advisory.
Description: Summary:
The remote host is missing an update for the 'file'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The file command is used to identify a particular file according to the
type of data the file contains. It can identify many different file types,
including Executable and Linkable Format (ELF) binary files, system
libraries, RPM packages, and different graphics formats.

Security Fix(es):

* Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)

* A denial of service flaw was found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use this
flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)

* Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9620, CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting
CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by
Jan Kaluža (Red Hat Web Stack Team) and the CVE-2014-3710 issue was
discovered by Francisco Alonso (Red Hat Product Security).

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8
Technical Notes linked from the References section.

Affected Software/OS:
file on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-3538
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 68348
http://www.securityfocus.com/bid/68348
Debian Security Information: DSA-3008
http://www.debian.org/security/2014/dsa-3008
Debian Security Information: DSA-3021
http://www.debian.org/security/2014/dsa-3021
http://mx.gw.com/pipermail/file/2014/001553.html
http://openwall.com/lists/oss-security/2014/06/30/7
RedHat Security Advisories: RHSA-2014:1327
http://rhn.redhat.com/errata/RHSA-2014-1327.html
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
RedHat Security Advisories: RHSA-2016:0760
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://secunia.com/advisories/60696
Common Vulnerability Exposure (CVE) ID: CVE-2014-3587
BugTraq ID: 69325
http://www.securityfocus.com/bid/69325
RedHat Security Advisories: RHSA-2014:1326
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://secunia.com/advisories/60609
http://www.ubuntu.com/usn/USN-2344-1
http://www.ubuntu.com/usn/USN-2369-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3710
BugTraq ID: 70807
http://www.securityfocus.com/bid/70807
Debian Security Information: DSA-3072
http://www.debian.org/security/2014/dsa-3072
FreeBSD Security Advisory: FreeBSD-SA-14:28
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
https://security.gentoo.org/glsa/201503-03
https://security.gentoo.org/glsa/201701-42
RedHat Security Advisories: RHSA-2014:1767
http://rhn.redhat.com/errata/RHSA-2014-1767.html
RedHat Security Advisories: RHSA-2014:1768
http://rhn.redhat.com/errata/RHSA-2014-1768.html
http://www.securitytracker.com/id/1031344
http://secunia.com/advisories/60630
http://secunia.com/advisories/60699
http://secunia.com/advisories/61763
http://secunia.com/advisories/61970
http://secunia.com/advisories/61982
http://secunia.com/advisories/62347
http://secunia.com/advisories/62559
SuSE Security Announcement: openSUSE-SU-2014:1516
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
http://www.ubuntu.com/usn/USN-2391-1
http://www.ubuntu.com/usn/USN-2494-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8116
BugTraq ID: 71700
http://www.securityfocus.com/bid/71700
http://seclists.org/oss-sec/2014/q4/1056
http://secunia.com/advisories/61944
http://secunia.com/advisories/62081
Common Vulnerability Exposure (CVE) ID: CVE-2014-8117
BugTraq ID: 71692
http://www.securityfocus.com/bid/71692
http://www.ubuntu.com/usn/USN-2535-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9620
BugTraq ID: 71715
http://www.securityfocus.com/bid/71715
Debian Security Information: DSA-3121
http://www.debian.org/security/2015/dsa-3121
https://security.gentoo.org/glsa/201503-08
http://mx.gw.com/pipermail/file/2014/001653.html
http://mx.gw.com/pipermail/file/2015/001660.html
http://www.openwall.com/lists/oss-security/2015/01/17/9
https://usn.ubuntu.com/3686-1/
Common Vulnerability Exposure (CVE) ID: CVE-2014-9653
BugTraq ID: 72516
http://www.securityfocus.com/bid/72516
Debian Security Information: DSA-3196
http://www.debian.org/security/2015/dsa-3196
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://mx.gw.com/pipermail/file/2014/001649.html
http://openwall.com/lists/oss-security/2015/02/05/13
Common Vulnerability Exposure (CVE) ID: CVE-2012-1571
Debian Security Information: DSA-2422
http://www.debian.org/security/2012/dsa-2422
http://www.mandriva.com/security/advisories?name=MDVSA-2012:035
http://mx.gw.com/pipermail/file/2012/000914.html
http://www.ubuntu.com/usn/USN-2123-1
Copyright: Copyright (C) 2016 Greenbone AG
