Description:
The remote host is missing updates announced in advisory TSLSA-2006-0034.
binutils < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: A vulnerability has been identified which could be exploited by attackers to execute arbitrary code or cause a denial of service. This flaw is due to a buffer overflow error in the libbfd library [bfd/tekhex.c] when processing a file containing a malformed Tektronix Hex Format (TekHex) record, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a malicious file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2362 to this issue.
mysql < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in MySQL, caused by an error within the server when parsing a query string that is escaped with the mysql_real_escape_string() function. This can potentially be exploited in an environment that uses multi-byte character encoding to bypass SQL injection escaping.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2753 to this issue.
spamassassin < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to compromise a vulnerable system. SpamAssassin, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2447 to this issue.
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0034
Risk factor: High
CVSS Score: 7.5