Test Kennung:	1.3.6.1.4.1.25623.1.0.57607
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2006:157-1 (musicbrainz)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to musicbrainz announced via advisory MDKSA-2006:157-1. Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. The updated packages have been patched to correct this issue. Update: Packages are now available for Mandriva Linux 2007. Affected: 2007.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:157-1 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4197 BugTraq ID: 19508 http://www.securityfocus.com/bid/19508 Bugtraq: 20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2 (Google Search) http://www.securityfocus.com/archive/1/443205/100/0/threaded Bugtraq: 20060830 rPSA-2006-0161-1 libmusicbrainz (Google Search) http://www.securityfocus.com/archive/1/444843/100/0/threaded Debian Security Information: DSA-1162 (Google Search) http://www.debian.org/security/2006/dsa-1162 http://security.gentoo.org/glsa/glsa-200610-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:157 http://aluigi.altervista.org/adv/brainzbof-adv.txt http://securitytracker.com/id?1016691 http://secunia.com/advisories/21404 http://secunia.com/advisories/21668 http://secunia.com/advisories/21699 http://secunia.com/advisories/22191 http://secunia.com/advisories/22393 http://secunia.com/advisories/22517 http://secunia.com/advisories/22639 http://securityreason.com/securityalert/1399 SuSE Security Announcement: SUSE-SR:2006:025 (Google Search) http://www.novell.com/linux/security/advisories/2006_25_sr.html http://www.ubuntu.com/usn/usn-363-1 XForce ISS Database: libmusicbrainz-mbhttpdownload-bo(28367) https://exchange.xforce.ibmcloud.com/vulnerabilities/28367 XForce ISS Database: libmusicbrainz-rdfparse-bo(28368) https://exchange.xforce.ibmcloud.com/vulnerabilities/28368
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.