Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.50693 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2003:030 (file) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to file announced via advisory MDKSA-2003:030. A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0102 http://www.idefense.com/advisory/03.04.03.txt Risk factor : Medium CVSS Score: 4.6 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0102 BugTraq ID: 7008 http://www.securityfocus.com/bid/7008 Bugtraq: 20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file) (Google Search) Bugtraq: 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1) (Google Search) http://marc.info/?l=bugtraq&m=104680706201721&w=2 CERT/CC vulnerability note: VU#611865 http://www.kb.cert.org/vuls/id/611865 Debian Security Information: DSA-260 (Google Search) http://www.debian.org/security/2003/dsa-260 Immunix Linux Advisory: IMNX-2003-7+-012-01 http://lwn.net/Alerts/34908/ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 http://www.idefense.com/advisory/03.04.03.txt NETBSD Security Advisory: NetBSD-SA2003-003 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc http://www.redhat.com/support/errata/RHSA-2003-086.html http://www.redhat.com/support/errata/RHSA-2003-087.html SuSE Security Announcement: SuSE-SA:2003:017 (Google Search) http://www.novell.com/linux/security/advisories/2003_017_file.html XForce ISS Database: file-afctr-read-bo(11469) https://exchange.xforce.ibmcloud.com/vulnerabilities/11469 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |