Test ID:	1.3.6.1.4.1.25623.1.0.58492
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:153 (gd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gd announced via advisory MDKSA-2007:153. GD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support. Updated packages have been patched to prevent these issues. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:153 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3472 BugTraq ID: 24651 http://www.securityfocus.com/bid/24651 Bugtraq: 20070907 FLEA-2007-0052-1 gd (Google Search) http://www.securityfocus.com/archive/1/478796/100/0/threaded http://fedoranews.org/updates/FEDORA-2007-205.shtml http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://security.gentoo.org/glsa/glsa-200708-05.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:153 http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 http://bugs.libgd.org/?do=details&task_id=89 http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/ http://osvdb.org/37745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067 http://www.redhat.com/support/errata/RHSA-2008-0146.html http://secunia.com/advisories/25855 http://secunia.com/advisories/25860 http://secunia.com/advisories/26272 http://secunia.com/advisories/26390 http://secunia.com/advisories/26415 http://secunia.com/advisories/26467 http://secunia.com/advisories/26663 http://secunia.com/advisories/26766 http://secunia.com/advisories/26856 http://secunia.com/advisories/29157 http://secunia.com/advisories/30168 http://secunia.com/advisories/42813 SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.trustix.org/errata/2007/0024/ http://www.vupen.com/english/advisories/2007/2336 http://www.vupen.com/english/advisories/2011/0022 XForce ISS Database: gd-imagecreatetruecolor-code-execution(35108) https://exchange.xforce.ibmcloud.com/vulnerabilities/35108 Common Vulnerability Exposure (CVE) ID: CVE-2007-3473 http://bugs.libgd.org/?do=details&task_id=94 http://osvdb.org/37744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806 XForce ISS Database: gd-imagecreatexbm-dos(35109) https://exchange.xforce.ibmcloud.com/vulnerabilities/35109 Common Vulnerability Exposure (CVE) ID: CVE-2007-3474 http://osvdb.org/37743 XForce ISS Database: gd-gifreader-unspecified(35110) https://exchange.xforce.ibmcloud.com/vulnerabilities/35110 Common Vulnerability Exposure (CVE) ID: CVE-2007-3475 http://www.libgd.org/ReleaseNote020035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728 Common Vulnerability Exposure (CVE) ID: CVE-2007-3476 Debian Security Information: DSA-1613 (Google Search) http://www.debian.org/security/2008/dsa-1613 http://osvdb.org/37741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348 http://secunia.com/advisories/31168 Common Vulnerability Exposure (CVE) ID: CVE-2007-3477 http://osvdb.org/42062 Common Vulnerability Exposure (CVE) ID: CVE-2007-3478 http://bugs.php.net/bug.php?id=40578 http://osvdb.org/37740
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.