Test ID:	1.3.6.1.4.1.25623.1.0.50457
Category:	Ubuntu Local Security Checks
Title:	Ubuntu 4.10 USN-21-1 (libgd)
Summary:	Ubuntu 4.10 USN-21-1 (libgd)
Description:	The remote host is missing an update to libgd announced via advisory USN-21-1. Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges. The following packages are affected: libgd1-noxpm libgd1-xpm Solution: The problem can be corrected by upgrading the affected package to version 1.8.4-36ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2004-November/000023.html Risk factor : Critical
Cross-Ref:	BugTraq ID: 11523 Common Vulnerability Exposure (CVE) ID: CVE-2004-0990 Bugtraq: 20041026 libgd integer overflow (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=109882489302099&w=2 Debian Security Information: DSA-589 (Google Search) http://www.debian.org/security/2004/dsa-589 Debian Security Information: DSA-591 (Google Search) http://www.debian.org/security/2004/dsa-591 Debian Security Information: DSA-601 (Google Search) http://www.debian.org/security/2004/dsa-601 Debian Security Information: DSA-602 (Google Search) http://www.debian.org/security/2004/dsa-602 http://www.mandriva.com/security/advisories?name=MDKSA-2004:132 http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.redhat.com/support/errata/RHSA-2004-638.html SuSE Security Announcement: SUSE-SR:2006:003 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://www.trustix.org/errata/2004/0058 http://marc.theaimsgroup.com/?l=bugtraq&m=109907605501428&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=110055781015402&w=2 Computer Incident Advisory Center Bulletin: P-071 http://www.ciac.org/ciac/bulletins/p-071.shtml http://www.securityfocus.com/bid/11523 http://www.osvdb.org/11190 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1260 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9952 http://secunia.com/advisories/18717 http://secunia.com/advisories/20866 http://secunia.com/advisories/20824 http://secunia.com/advisories/21050 http://secunia.com/advisories/23783 XForce ISS Database: gd-png-bo(17866) http://xforce.iss.net/xforce/xfdb/17866
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: