ID de Prueba:	1.3.6.1.4.1.25623.1.0.61057
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: libvorbis
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: libvorbis CVE-2008-1419 Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. CVE-2008-1420 Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. CVE-2008-1423 Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. Solution: Update your system with the appropriate patches or software upgrades. https://rhn.redhat.com/errata/RHSA-2008-0270.html http://www.vuxml.org/freebsd/f5a76faf-244c-11dd-b143-0211d880e350.html CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1419 BugTraq ID: 29206 http://www.securityfocus.com/bid/29206 Debian Security Information: DSA-1591 (Google Search) http://www.debian.org/security/2008/dsa-1591 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html http://security.gentoo.org/glsa/glsa-200806-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104 http://www.redhat.com/support/errata/RHSA-2008-0270.html http://www.redhat.com/support/errata/RHSA-2008-0271.html http://www.securitytracker.com/id?1020029 http://secunia.com/advisories/30234 http://secunia.com/advisories/30237 http://secunia.com/advisories/30247 http://secunia.com/advisories/30259 http://secunia.com/advisories/30479 http://secunia.com/advisories/30581 http://secunia.com/advisories/30820 http://secunia.com/advisories/32946 SuSE Security Announcement: SUSE-SR:2008:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://www.ubuntu.com/usn/USN-682-1 http://www.vupen.com/english/advisories/2008/1510/references XForce ISS Database: libvorbis-ogg-bo(42397) https://exchange.xforce.ibmcloud.com/vulnerabilities/42397 XForce ISS Database: libvorbis-ogg-dos(42400) https://exchange.xforce.ibmcloud.com/vulnerabilities/42400 Common Vulnerability Exposure (CVE) ID: CVE-2008-1420 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500 http://secunia.com/advisories/36463 https://usn.ubuntu.com/825-1/ XForce ISS Database: libvorbis-residue-bo(42402) https://exchange.xforce.ibmcloud.com/vulnerabilities/42402 Common Vulnerability Exposure (CVE) ID: CVE-2008-1423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851 XForce ISS Database: libvorbis-quantvals-quantlist-bo(42403) https://exchange.xforce.ibmcloud.com/vulnerabilities/42403
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.