
Test ID: 1.3.6.1.4.1.25623.1.0.66760
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:020 (gzip)
Summary: NOSUMMARY
Description:
The remote host is missing an update to gzip
announced via advisory MDVSA-2010:020.

Multiple vulnerabilities have been found and corrected in gzip:

A missing input sanitization flaw was found in the way gzip used to
decompress data blocks for dynamic Huffman codes. A remote attacker
could provide a specially-crafted gzip compressed data archive,
which once opened by a local, unsuspecting user would lead to denial
of service (gzip crash) or, potentially, to arbitrary code execution
with the privileges of the user running gzip (CVE-2009-2624).

An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:020

Risk factor : High

CVSS Score:
6.8

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-2624
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Debian Security Information: DSA-1974
http://www.debian.org/security/2010/dsa-1974
http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258
http://secunia.com/advisories/38132
http://secunia.com/advisories/38223
http://secunia.com/advisories/38232
SuSE Security Announcement: SUSE-SA:2010:008
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.ubuntu.com/usn/USN-889-1
http://www.vupen.com/english/advisories/2010/0185
Common Vulnerability Exposure (CVE) ID: CVE-2010-0001
Debian Security Information: DSA-2074
http://www.debian.org/security/2010/dsa-2074
HPdes Security Advisory: HPSBMA02554
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
HPdes Security Advisory: SSRT100018
http://www.mandriva.com/security/advisories?name=MDVSA-2010:019
http://www.mandriva.com/security/advisories?name=MDVSA-2011:152
http://www.osvdb.org/61869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511
http://www.redhat.com/support/errata/RHSA-2010-0061.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://securitytracker.com/id?1023490
http://secunia.com/advisories/38220
http://secunia.com/advisories/38225
http://secunia.com/advisories/40551
http://secunia.com/advisories/40655
http://secunia.com/advisories/40689
http://www.vupen.com/english/advisories/2010/1796
http://www.vupen.com/english/advisories/2010/1872
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
