
Test ID: 1.3.6.1.4.1.25623.1.0.57215
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2006-0044 (Multiple packages)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0044.

apache < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: A vulnerability has been reported in Apache HTTP Server,
which potentially can be exploited by malicious people to compromise
a vulnerable system. The vulnerability is caused by an off-by-one error
in mod_rewrite within the ldap scheme handling and can be exploited
to cause a one-byte buffer overflow.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-3747 to this issue.


gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Evgeny Legerov has reported a vulnerability in GnuPG,
caused due to an input validation error in parse_packet.c when
handling certain message packets. This can be exploited to cause
GnuPG to consume large amounts of memory or crash via an overly
long comment length in a message packet. This can further be
exploited to cause an integer overflow, which leads to possible
memory corruption and crashes GnuPG.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-3746 to this issue.

libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Tavis Ormandy, Google Security Team has reported some
vulnerabilities in libTIFF, which can be exploited by malicious people
to cause a DoS or potentially compromise a vulnerable system. The
vulnerabilities are caused due to various heap and integer overflows
when processing TIFF images and can be exploited via a specially
crafted TIFF image.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-3459, CVE-2006-3460, CVE-2006-3461,
CVE-2006-3462, CVE-2006-3463, CVE-2006-3464 and CVE-2006-3465
to these issues.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0044

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3747
1016601
http://securitytracker.com/id?1016601
102662
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
102663
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
1312
http://securityreason.com/securityalert/1312
19204
http://www.securityfocus.com/bid/19204
2006-0044
http://lwn.net/Alerts/194228/
20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
20060728 Apache mod_rewrite Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/441487/100/0/threaded
20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
http://www.securityfocus.com/archive/1/441485/100/0/threaded
20060728 rPSA-2006-0139-1 httpd mod_ssl
http://www.securityfocus.com/archive/1/441526/100/200/threaded
20060820 POC & exploit for Apache mod_rewrite off-by-one
http://www.securityfocus.com/archive/1/443870/100/0/threaded
21197
http://secunia.com/advisories/21197
21241
http://secunia.com/advisories/21241
21245
http://secunia.com/advisories/21245
21247
http://secunia.com/advisories/21247
21266
http://secunia.com/advisories/21266
21273
http://secunia.com/advisories/21273
21284
http://secunia.com/advisories/21284
21307
http://secunia.com/advisories/21307
21313
http://secunia.com/advisories/21313
21315
http://secunia.com/advisories/21315
21346
http://secunia.com/advisories/21346
21478
http://secunia.com/advisories/21478
21509
http://secunia.com/advisories/21509
22262
http://secunia.com/advisories/22262
22368
http://secunia.com/advisories/22368
22388
http://secunia.com/advisories/22388
22523
http://secunia.com/advisories/22523
23028
http://secunia.com/advisories/23028
23260
http://secunia.com/advisories/23260
26329
http://secunia.com/advisories/26329
27588
http://www.osvdb.org/27588
29420
http://secunia.com/advisories/29420
29849
http://secunia.com/advisories/29849
30430
http://secunia.com/advisories/30430
ADV-2006-3017
http://www.vupen.com/english/advisories/2006/3017
ADV-2006-3264
http://www.vupen.com/english/advisories/2006/3264
ADV-2006-3282
http://www.vupen.com/english/advisories/2006/3282
ADV-2006-3884
http://www.vupen.com/english/advisories/2006/3884
ADV-2006-3995
http://www.vupen.com/english/advisories/2006/3995
ADV-2006-4015
http://www.vupen.com/english/advisories/2006/4015
ADV-2006-4207
http://www.vupen.com/english/advisories/2006/4207
ADV-2006-4300
http://www.vupen.com/english/advisories/2006/4300
ADV-2006-4868
http://www.vupen.com/english/advisories/2006/4868
ADV-2007-2783
http://www.vupen.com/english/advisories/2007/2783
ADV-2008-0924
http://www.vupen.com/english/advisories/2008/0924/references
ADV-2008-1246
http://www.vupen.com/english/advisories/2008/1246/references
ADV-2008-1697
http://www.vupen.com/english/advisories/2008/1697
APPLE-SA-2008-03-18
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
APPLE-SA-2008-05-28
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
DSA-1131
http://www.debian.org/security/2006/dsa-1131
DSA-1132
http://www.debian.org/security/2006/dsa-1132
GLSA-200608-01
http://security.gentoo.org/glsa/glsa-200608-01.xml
HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPSBMA02328
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPSBUX02145
http://www.securityfocus.com/archive/1/445206/100/0/threaded
HPSBUX02164
http://www.securityfocus.com/archive/1/450321/100/0/threaded
MDKSA-2006:133
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
OpenPKG-SA-2006.015
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
PK27875
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
PK29154
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
PK29156
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
SSRT061202
SSRT061265
SSRT061275
SSRT071293
SSRT090208
SUSE-SA:2006:043
http://www.novell.com/linux/security/advisories/2006_43_apache.html
TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
USN-328-1
http://www.ubuntu.com/usn/usn-328-1
VU#395412
http://www.kb.cert.org/vuls/id/395412
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
apache-modrewrite-offbyone-bo(28063)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
http://docs.info.apple.com/article.html?artnum=307562
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
http://svn.apache.org/viewvc?view=rev&revision=426144
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
http://www.apache.org/dist/httpd/Announcement2.0.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://issues.rpath.com/browse/RPL-538
Common Vulnerability Exposure (CVE) ID: CVE-2006-3746
BugTraq ID: 19110
http://www.securityfocus.com/bid/19110
Bugtraq: 20060802 rPSA-2006-0143-1 gnupg (Google Search)
http://www.securityfocus.com/archive/1/442012/100/0/threaded
Bugtraq: 20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability (Google Search)
http://www.securityfocus.com/archive/1/442621/100/100/threaded
Debian Security Information: DSA-1140 (Google Search)
http://www.debian.org/security/2006/dsa-1140
Debian Security Information: DSA-1141 (Google Search)
http://www.debian.org/security/2006/dsa-1141
http://security.gentoo.org/glsa/glsa-200608-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:141
http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1
http://issues.rpath.com/browse/RPL-560
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502
http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
http://www.gossamer-threads.com/lists/gnupg/devel/37623
http://www.osvdb.org/27664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347
http://www.redhat.com/support/errata/RHSA-2006-0615.html
http://securitytracker.com/id?1016622
http://secunia.com/advisories/21297
http://secunia.com/advisories/21300
http://secunia.com/advisories/21306
http://secunia.com/advisories/21326
http://secunia.com/advisories/21329
http://secunia.com/advisories/21333
http://secunia.com/advisories/21351
http://secunia.com/advisories/21378
http://secunia.com/advisories/21467
http://secunia.com/advisories/21522
http://secunia.com/advisories/21524
http://secunia.com/advisories/21598
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
SuSE Security Announcement: SUSE-SR:2006:020 (Google Search)
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.ubuntu.com/usn/usn-332-1
http://www.vupen.com/english/advisories/2006/3123
XForce ISS Database: gnupg-parsecomment-bo(28220)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28220
Common Vulnerability Exposure (CVE) ID: CVE-2006-3459
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
BugTraq ID: 19283
http://www.securityfocus.com/bid/19283
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Debian Security Information: DSA-1137 (Google Search)
http://www.debian.org/security/2006/dsa-1137
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
http://secunia.com/blog/76
http://www.osvdb.org/27723
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
http://www.redhat.com/support/errata/RHSA-2006-0603.html
http://www.redhat.com/support/errata/RHSA-2006-0648.html
http://securitytracker.com/id?1016628
http://securitytracker.com/id?1016671
http://secunia.com/advisories/21253
http://secunia.com/advisories/21274
http://secunia.com/advisories/21290
http://secunia.com/advisories/21304
http://secunia.com/advisories/21319
http://secunia.com/advisories/21334
http://secunia.com/advisories/21338
http://secunia.com/advisories/21370
http://secunia.com/advisories/21392
http://secunia.com/advisories/21501
http://secunia.com/advisories/21537
http://secunia.com/advisories/21632
http://secunia.com/advisories/22036
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
SuSE Security Announcement: SUSE-SA:2006:044 (Google Search)
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
http://www.ubuntu.com/usn/usn-330-1
http://www.vupen.com/english/advisories/2006/3101
http://www.vupen.com/english/advisories/2006/3105
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
Common Vulnerability Exposure (CVE) ID: CVE-2006-3460
BugTraq ID: 19288
http://www.securityfocus.com/bid/19288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265
Common Vulnerability Exposure (CVE) ID: CVE-2006-3461
BugTraq ID: 19290
http://www.securityfocus.com/bid/19290
http://www.osvdb.org/27725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910
Common Vulnerability Exposure (CVE) ID: CVE-2006-3462
BugTraq ID: 19282
http://www.securityfocus.com/bid/19282
http://docs.info.apple.com/article.html?artnum=304063
http://www.osvdb.org/27726
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301
Common Vulnerability Exposure (CVE) ID: CVE-2006-3463
BugTraq ID: 19284
http://www.securityfocus.com/bid/19284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639
Common Vulnerability Exposure (CVE) ID: CVE-2006-3464
BugTraq ID: 19286
http://www.securityfocus.com/bid/19286
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916
Common Vulnerability Exposure (CVE) ID: CVE-2006-3465
BugTraq ID: 19287
http://www.securityfocus.com/bid/19287
http://www.osvdb.org/27729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
