Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.71644 |
Categoría: | Ubuntu Local Security Checks |
Título: | Ubuntu USN-1478-1 (libavcodec53) |
Resumen: | NOSUMMARY |
Descripción: | Description: The remote host is missing an update to libavcodec53 announced via advisory USN-1478-1. Details: Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.10. (CVE-2011-3929, CVE-2011-3936) Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3940) Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed Kega Game Video (KGV1) files. If a user were tricked into opening a crafted Kega Game Video (KGV1) file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3945) Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed MJPEG-B files. If a user were tricked into opening a crafted MJPEG-B file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3947) Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DPCM files. If a user were tricked into opening a crafted DPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3951) Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed KMVC files. If a user were tricked into opening a crafted KMVC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3952) Jeong Wook Oh discovered that Libav incorrectly handled certain malformed ASF files. If a user were tricked into opening a crafted ASF file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.10. (CVE-2011-4031) It was discovered that Libav incorrectly handled certain malformed Westwood SNDx files. If a user were tricked into opening a crafted Westwood SNDx file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.10. (CVE-2012-0848) Diana Elena Muscalu discovered that Libav incorrectly handled certain malformed AAC files. If a user were tricked into opening a crafted AAC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2012-0850) It was discovered that Libav incorrectly handled certain malformed H.264 files. If a user were tricked into opening a crafted H.264 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0851) It was discovered that Libav incorrectly handled certain malformed ADPCM files. If a user were tricked into opening a crafted ADPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2012-0852) It was discovered that Libav incorrectly handled certain malformed Atrac 3 files. If a user were tricked into opening a crafted Atrac 3 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2012-0853) It was discovered that Libav incorrectly handled certain malformed Shorten files. If a user were tricked into opening a crafted Shorten file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2012-0858) It was discovered that Libav incorrectly handled certain malformed Vorbis files. If a user were tricked into opening a crafted Vorbis file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2012-0859) Fabian Yamaguchi discovered that Libav incorrectly handled certain malformed VQA files. If a user were tricked into opening a crafted VQA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0947) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libavcodec53 4:0.7.6-0ubuntu0.11.10.1 libavformat53 4:0.7.6-0ubuntu0.11.10.1 Ubuntu 11.04: libavcodec52 4:0.6.6-0ubuntu0.11.04.1 libavformat52 4:0.6.6-0ubuntu0.11.04.1 http://www.securityspace.com/smysecure/catid.html?in=USN-1478-1 CVSS Score: 9.3 CVSS Vector: AV:L/AC:H/Au:NR/C:C/I:C/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-3929 Debian Security Information: DSA-2471 (Google Search) http://www.debian.org/security/2012/dsa-2471 http://secunia.com/advisories/49089 http://www.ubuntu.com/usn/USN-1479-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3936 Common Vulnerability Exposure (CVE) ID: CVE-2011-3940 Common Vulnerability Exposure (CVE) ID: CVE-2011-3945 http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 Common Vulnerability Exposure (CVE) ID: CVE-2011-3947 Common Vulnerability Exposure (CVE) ID: CVE-2011-3951 Debian Security Information: DSA-2494 (Google Search) http://www.debian.org/security/2012/dsa-2494 Common Vulnerability Exposure (CVE) ID: CVE-2011-3952 Common Vulnerability Exposure (CVE) ID: CVE-2011-4031 http://technet.microsoft.com/en-us/security/msvr/msvr11-012 Common Vulnerability Exposure (CVE) ID: CVE-2012-0848 http://www.openwall.com/lists/oss-security/2012/02/01/11 http://www.openwall.com/lists/oss-security/2012/02/14/4 XForce ISS Database: ffmpeg-wssnddecodeframe-bo(78936) https://exchange.xforce.ibmcloud.com/vulnerabilities/78936 Common Vulnerability Exposure (CVE) ID: CVE-2012-0850 XForce ISS Database: ffmpeg-sbrqmfsynthesis-dos(78934) https://exchange.xforce.ibmcloud.com/vulnerabilities/78934 Common Vulnerability Exposure (CVE) ID: CVE-2012-0851 http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 XForce ISS Database: ffmpeg-ffh264decode-code-exec(78933) https://exchange.xforce.ibmcloud.com/vulnerabilities/78933 Common Vulnerability Exposure (CVE) ID: CVE-2012-0852 XForce ISS Database: ffmpeg-adpcmdecodeframe-code-exec(78932) https://exchange.xforce.ibmcloud.com/vulnerabilities/78932 Common Vulnerability Exposure (CVE) ID: CVE-2012-0853 Common Vulnerability Exposure (CVE) ID: CVE-2012-0858 Common Vulnerability Exposure (CVE) ID: CVE-2012-0859 XForce ISS Database: ffmpeg-renderline-code-exec(78925) https://exchange.xforce.ibmcloud.com/vulnerabilities/78925 Common Vulnerability Exposure (CVE) ID: CVE-2012-0947 BugTraq ID: 53389 http://www.securityfocus.com/bid/53389 https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963 http://www.openwall.com/lists/oss-security/2012/05/03/4 |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |