English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.59659
Categoría:Trustix Local Security Checks
Título:Trustix Security Advisory TSLSA-2007-0024 (Multiple packages)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory TSLSA-2007-0024.

file < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 > < TSEL 2>
- SECURITY Fix: Fixes integer overflow in the file program, that
might allow user-assisted attackers to execute arbitrary code via
a large file that triggers an overflow that bypasses an assert()
statement. This issue is due to an incorrect patch for CVE-2007-1536.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2799 to this issue.

gd < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Some vulnerabilities have been reported in the GD
Graphics Library, where some have unknown impact and others can
potentially be exploited to cause a DoS (SA25855).
Includes fixes for CVE-2007-3472 to CVE-2007-3478.

mutt < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in mutt, caused
due to a boundary error in the mutt_gecos_name() function when
processing & characters in the GECOS field. This can be exploited
to cause a buffer overflow during alias expansion.
- A weakness has been identified which is caused by an error in the
APOP protocol that fails to properly prevent MD5 collisions. This
could be exploited via man-in-the-middle attacks and specially
crafted message-IDs to potentially disclose the first three
characters of passwords.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2007-2683 and CVE-2007-1558 to these issue.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2007-0024

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1536
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
BugTraq ID: 23021
http://www.securityfocus.com/bid/23021
Bugtraq: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search)
http://www.securityfocus.com/archive/1/477861/100/0/threaded
Bugtraq: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search)
http://www.securityfocus.com/archive/1/477950/100/0/threaded
CERT/CC vulnerability note: VU#606700
http://www.kb.cert.org/vuls/id/606700
Debian Security Information: DSA-1274 (Google Search)
http://www.debian.org/security/2007/dsa-1274
FreeBSD Security Advisory: FreeBSD-SA-07:04
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
http://security.gentoo.org/glsa/glsa-200703-26.xml
http://security.gentoo.org/glsa/glsa-200710-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
http://mx.gw.com/pipermail/file/2007/000161.html
NETBSD Security Advisory: NetBSD-SA2008-001
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
OpenBSD Security Advisory: [4.0] 20070709 015: SECURITY FIX: July 9, 2007
http://openbsd.org/errata40.html#015_file
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658
http://www.redhat.com/support/errata/RHSA-2007-0124.html
http://www.securitytracker.com/id?1017796
http://secunia.com/advisories/24548
http://secunia.com/advisories/24592
http://secunia.com/advisories/24604
http://secunia.com/advisories/24608
http://secunia.com/advisories/24616
http://secunia.com/advisories/24617
http://secunia.com/advisories/24723
http://secunia.com/advisories/24754
http://secunia.com/advisories/25133
http://secunia.com/advisories/25393
http://secunia.com/advisories/25402
http://secunia.com/advisories/25931
http://secunia.com/advisories/25989
http://secunia.com/advisories/27307
http://secunia.com/advisories/27314
http://secunia.com/advisories/29179
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
SuSE Security Announcement: SUSE-SA:2007:040 (Google Search)
http://www.novell.com/linux/security/advisories/2007_40_file.html
SuSE Security Announcement: SUSE-SR:2007:005 (Google Search)
http://www.novell.com/linux/security/advisories/2007_5_sr.html
http://www.ubuntu.com/usn/usn-439-1
http://www.vupen.com/english/advisories/2007/1040
http://www.vupen.com/english/advisories/2007/1939
XForce ISS Database: openbsd-file-bo(36283)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36283
Common Vulnerability Exposure (CVE) ID: CVE-2007-2799
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 24146
http://www.securityfocus.com/bid/24146
Bugtraq: 20070524 FLEA-2007-0022-1: file (Google Search)
http://www.securityfocus.com/archive/1/469520/30/6420/threaded
Debian Security Information: DSA-1343 (Google Search)
http://www.debian.org/security/2007/dsa-1343
http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:114
http://osvdb.org/38498
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012
http://www.redhat.com/support/errata/RHSA-2007-0391.html
http://www.securitytracker.com/id?1018140
http://secunia.com/advisories/25394
http://secunia.com/advisories/25544
http://secunia.com/advisories/25578
http://secunia.com/advisories/26203
http://secunia.com/advisories/26294
http://secunia.com/advisories/26415
http://secunia.com/advisories/29420
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-439-2
http://www.vupen.com/english/advisories/2007/2071
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: file-assert-code-execution(34731)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34731
Common Vulnerability Exposure (CVE) ID: CVE-2007-3472
BugTraq ID: 24651
http://www.securityfocus.com/bid/24651
Bugtraq: 20070907 FLEA-2007-0052-1 gd (Google Search)
http://www.securityfocus.com/archive/1/478796/100/0/threaded
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://bugs.libgd.org/?do=details&task_id=89
http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/
http://osvdb.org/37745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://secunia.com/advisories/25855
http://secunia.com/advisories/25860
http://secunia.com/advisories/26272
http://secunia.com/advisories/26390
http://secunia.com/advisories/26467
http://secunia.com/advisories/26663
http://secunia.com/advisories/26766
http://secunia.com/advisories/26856
http://secunia.com/advisories/29157
http://secunia.com/advisories/30168
http://secunia.com/advisories/42813
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.vupen.com/english/advisories/2007/2336
http://www.vupen.com/english/advisories/2011/0022
XForce ISS Database: gd-imagecreatetruecolor-code-execution(35108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3478
http://bugs.php.net/bug.php?id=40578
http://www.libgd.org/ReleaseNote020035
http://osvdb.org/37740
Common Vulnerability Exposure (CVE) ID: CVE-2007-2683
BugTraq ID: 24192
http://www.securityfocus.com/bid/24192
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://dev.mutt.org/trac/ticket/2885
http://osvdb.org/34973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.securitytracker.com/id?1018066
http://secunia.com/advisories/25408
http://secunia.com/advisories/25515
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
XForce ISS Database: mutt-gecos-bo(34441)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34441
Common Vulnerability Exposure (CVE) ID: CVE-2007-1558
BugTraq ID: 23257
http://www.securityfocus.com/bid/23257
Bugtraq: 20070402 APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464477/30/0/threaded
Bugtraq: 20070403 Re: APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464569/100/0/threaded
Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471455/100/0/threaded
Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471720/100/0/threaded
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search)
http://www.securityfocus.com/archive/1/471842/100/0/threaded
Cert/CC Advisory: TA07-151A
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Debian Security Information: DSA-1300 (Google Search)
http://www.debian.org/security/2007/dsa-1300
Debian Security Information: DSA-1305 (Google Search)
http://www.debian.org/security/2007/dsa-1305
http://security.gentoo.org/glsa/glsa-200706-06.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securitytracker.com/id?1018008
http://secunia.com/advisories/25353
http://secunia.com/advisories/25476
http://secunia.com/advisories/25496
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25664
http://secunia.com/advisories/25750
http://secunia.com/advisories/25798
http://secunia.com/advisories/25858
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/35699
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
SuSE Security Announcement: SUSE-SA:2007:036 (Google Search)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1994
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.