Test ID:	1.3.6.1.4.1.25623.1.0.68738
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:009 (gif2png)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gif2png announced via advisory MDVSA-2011:009. A vulnerability has been found and corrected in gif2png: Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png (CVE-2009-5018). Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018 (CVE-2010-4694). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:009 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5018 20091213 [gif2png] long filename Buffer Overrun http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html 41801 http://www.securityfocus.com/bid/41801 42796 http://secunia.com/advisories/42796 ADV-2010-3036 http://www.vupen.com/english/advisories/2010/3036 ADV-2011-0023 http://www.vupen.com/english/advisories/2011/0023 ADV-2011-0107 http://www.vupen.com/english/advisories/2011/0107 FEDORA-2010-0358 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html GLSA-201101-01 http://security.gentoo.org/glsa/glsa-201101-01.xml MDVSA-2011:009 http://www.mandriva.com/security/advisories?name=MDVSA-2011:009 [oss-security] 20101121 CVE Request: gif2png: command-line buffer overflow problem http://openwall.com/lists/oss-security/2010/11/21/1 [oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem http://openwall.com/lists/oss-security/2010/11/22/1 http://openwall.com/lists/oss-security/2010/11/22/3 [oss-security] 20101122 Re: CVE Request: gif2png: command-line buffer overflow problem http://openwall.com/lists/oss-security/2010/11/22/12 gif2png-commandline-bo(64820) https://exchange.xforce.ibmcloud.com/vulnerabilities/64820 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 http://bugs.gentoo.org/show_bug.cgi?id=346501 http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log https://bugzilla.redhat.com/show_bug.cgi?id=547515 Common Vulnerability Exposure (CVE) ID: CVE-2010-4694 BugTraq ID: 45815 http://www.securityfocus.com/bid/45815 http://security.gentoo.org/glsa/glsa-201203-15.xml XForce ISS Database: gif2png-gif-bo(64754) https://exchange.xforce.ibmcloud.com/vulnerabilities/64754
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.