Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:030 (file)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50693

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:030 (file)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to file
announced via advisory MDKSA-2003:030.

A memory allocation problem in file was found by Jeff Johnson, and a
stack overflow corruption problem was found by David Endler. These
problems have been corrected in file version 3.41 and likely affect
all previous version. These problems pose a security threat as they
can be used to execute arbitrary code by an attacker under the
privileges of another user. Note that the attacker must first
somehow convince the target user to execute file against a specially
crafted file that triggers the buffer overflow in file.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1,
Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0102
http://www.idefense.com/advisory/03.04.03.txt

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0102
BugTraq ID: 7008
http://www.securityfocus.com/bid/7008
Bugtraq: 20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file) (Google Search)
Bugtraq: 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1) (Google Search)
http://marc.info/?l=bugtraq&m=104680706201721&w=2
CERT/CC vulnerability note: VU#611865
http://www.kb.cert.org/vuls/id/611865
Debian Security Information: DSA-260 (Google Search)
http://www.debian.org/security/2003/dsa-260
Immunix Linux Advisory: IMNX-2003-7+-012-01
http://lwn.net/Alerts/34908/
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
http://www.idefense.com/advisory/03.04.03.txt
NETBSD Security Advisory: NetBSD-SA2003-003
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
http://www.redhat.com/support/errata/RHSA-2003-086.html
http://www.redhat.com/support/errata/RHSA-2003-087.html
SuSE Security Announcement: SuSE-SA:2003:017 (Google Search)
http://www.novell.com/linux/security/advisories/2003_017_file.html
XForce ISS Database: file-afctr-read-bo(11469)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50693
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:030 (file)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to file announced via advisory MDKSA-2003:030. A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0102 http://www.idefense.com/advisory/03.04.03.txt Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0102 BugTraq ID: 7008 http://www.securityfocus.com/bid/7008 Bugtraq: 20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file) (Google Search) Bugtraq: 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1) (Google Search) http://marc.info/?l=bugtraq&m=104680706201721&w=2 CERT/CC vulnerability note: VU#611865 http://www.kb.cert.org/vuls/id/611865 Debian Security Information: DSA-260 (Google Search) http://www.debian.org/security/2003/dsa-260 Immunix Linux Advisory: IMNX-2003-7+-012-01 http://lwn.net/Alerts/34908/ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 http://www.idefense.com/advisory/03.04.03.txt NETBSD Security Advisory: NetBSD-SA2003-003 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc http://www.redhat.com/support/errata/RHSA-2003-086.html http://www.redhat.com/support/errata/RHSA-2003-087.html SuSE Security Announcement: SuSE-SA:2003:017 (Google Search) http://www.novell.com/linux/security/advisories/2003_017_file.html XForce ISS Database: file-afctr-read-bo(11469) https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com