Test ID:	1.3.6.1.4.1.25623.1.0.66021
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:264 (gd)
Summary:	The remote host is missing an update to gd;announced via advisory MDVSA-2009:264.
Description:	Summary: The remote host is missing an update to gd announced via advisory MDVSA-2009:264. Vulnerability Insight: Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. (CVE-2007-3996) The updated packages have been patched to prevent this. Affected: Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3996 Debian Security Information: DSA-1613 (Google Search) http://www.debian.org/security/2008/dsa-1613 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://security.gentoo.org/glsa/glsa-200712-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/ http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147 http://www.redhat.com/support/errata/RHSA-2007-0888.html RedHat Security Advisories: RHSA-2007:0889 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://www.redhat.com/support/errata/RHSA-2007-0890.html http://www.redhat.com/support/errata/RHSA-2007-0891.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27351 http://secunia.com/advisories/27377 http://secunia.com/advisories/27545 http://secunia.com/advisories/28009 http://secunia.com/advisories/28147 http://secunia.com/advisories/28658 http://secunia.com/advisories/31168 http://securityreason.com/securityalert/3103 SuSE Security Announcement: SUSE-SA:2008:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-557-1 http://www.vupen.com/english/advisories/2007/3023 XForce ISS Database: php-gdimagecopyresized-bo(36383) https://exchange.xforce.ibmcloud.com/vulnerabilities/36383 XForce ISS Database: php-gdimagecreate-bo(36382) https://exchange.xforce.ibmcloud.com/vulnerabilities/36382
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.