English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.880806
Categoría:CentOS Local Security Checks
Título:CentOS Update for ghostscript CESA-2009:0345 centos3 i386
Resumen:The remote host is missing an update for the 'ghostscript'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'ghostscript'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Ghostscript is a set of software that provides a PostScript(TM)
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files.

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create a
malicious PostScript or PDF file with embedded images which could cause
Ghostscript to crash, or, potentially, execute arbitrary code when opened
by the victim. (CVE-2009-0583, CVE-2009-0584)

All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues.

Affected Software/OS:
ghostscript on CentOS 3

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0583
1021868
http://securitytracker.com/id?1021868
20090319 rPSA-2009-0050-1 ghostscript
http://www.securityfocus.com/archive/1/501994/100/0/threaded
262288
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
34184
http://www.securityfocus.com/bid/34184
34266
http://secunia.com/advisories/34266
34373
http://secunia.com/advisories/34373
34381
http://secunia.com/advisories/34381
34393
http://secunia.com/advisories/34393
34398
http://secunia.com/advisories/34398
34418
http://secunia.com/advisories/34418
34437
http://secunia.com/advisories/34437
34443
http://secunia.com/advisories/34443
34469
http://secunia.com/advisories/34469
34729
http://secunia.com/advisories/34729
35559
http://secunia.com/advisories/35559
35569
http://secunia.com/advisories/35569
ADV-2009-0776
http://www.vupen.com/english/advisories/2009/0776
ADV-2009-0777
http://www.vupen.com/english/advisories/2009/0777
ADV-2009-0816
http://www.vupen.com/english/advisories/2009/0816
ADV-2009-1708
http://www.vupen.com/english/advisories/2009/1708
DSA-1746
http://www.debian.org/security/2009/dsa-1746
ESB-2009.0259
http://www.auscert.org.au/render.html?it=10666
FEDORA-2009-2883
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
FEDORA-2009-2885
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
FEDORA-2009-3011
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
FEDORA-2009-3031
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
GLSA-200903-37
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
MDVSA-2009:096
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
RHSA-2009:0345
http://www.redhat.com/support/errata/RHSA-2009-0345.html
SUSE-SR:2009:007
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
USN-743-1
http://www.ubuntu.com/usn/USN-743-1
USN-757-1
https://usn.ubuntu.com/757-1/
ghostscript-icclib-native-color-bo(49329)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487742
https://issues.rpath.com/browse/RPL-2991
oval:org.mitre.oval:def:10795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
Common Vulnerability Exposure (CVE) ID: CVE-2009-0584
52988
http://osvdb.org/52988
ghostscript-icclib-bo(49327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
https://bugzilla.redhat.com/show_bug.cgi?id=487744
oval:org.mitre.oval:def:10544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
CopyrightCopyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.