 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.64533 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandrake Security Advisory MDVSA-2009:190 (OpenEXR) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing an update to OpenEXR announced via advisory MDVSA-2009:190. Multiple vulnerabilities has been found and corrected in OpenEXR: Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720). The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721). This update provides fixes for these vulnerabilities. Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:190 CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1720 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html BugTraq ID: 35838 http://www.securityfocus.com/bid/35838 Cert/CC Advisory: TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html Debian Security Information: DSA-1842 (Google Search) http://www.debian.org/security/2009/dsa-1842 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 http://www.mandriva.com/security/advisories?name=MDVSA-2009:191 http://www.securitytracker.com/id?1022674 http://secunia.com/advisories/36030 http://secunia.com/advisories/36032 http://secunia.com/advisories/36096 http://secunia.com/advisories/36123 http://secunia.com/advisories/36753 SuSE Security Announcement: SUSE-SR:2009:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html http://www.ubuntu.com/usn/USN-831-1 http://www.vupen.com/english/advisories/2009/2035 http://www.vupen.com/english/advisories/2009/2172 Common Vulnerability Exposure (CVE) ID: CVE-2009-1721 |
| Copyright | Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |