ID de Prueba:	1.3.6.1.4.1.25623.1.0.51308
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:039
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:039. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. An attacker could create a carefully crafted ASCII file which made use of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1184 to this issue. Additional flaws in Enscript were also discovered which can only be triggered by executing enscript with carefully crafted command line arguments. These flaws therefore only have a security impact if enscript is executed by other programs and passed untrusted data from remote users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1185 and CVE-2004-1186 to these issues. All users of enscript should upgrade to these updated packages, which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-039.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1184 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 12329 http://www.securityfocus.com/bid/12329 Bugtraq: 20060526 rPSA-2006-0083-1 enscript (Google Search) http://www.securityfocus.com/archive/1/435199/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-654 (Google Search) http://www.debian.org/security/2005/dsa-654 http://www.securityfocus.com/archive/1/419768/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658 http://www.redhat.com/support/errata/RHSA-2005-040.html http://securitytracker.com/id?1012965 http://secunia.com/advisories/35074 https://usn.ubuntu.com/68-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: enscript-epsf-command-ececution(19012) https://exchange.xforce.ibmcloud.com/vulnerabilities/19012 Common Vulnerability Exposure (CVE) ID: CVE-2004-1185 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808 XForce ISS Database: enscript-filename-command-execution(19029) https://exchange.xforce.ibmcloud.com/vulnerabilities/19029 Common Vulnerability Exposure (CVE) ID: CVE-2004-1186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11134 XForce ISS Database: enscript-multiple-bo(19033) https://exchange.xforce.ibmcloud.com/vulnerabilities/19033
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.