Test Kennung:	1.3.6.1.4.1.25623.1.0.900644
Kategorie:	Buffer overflow
Titel:	Pango < 1.24.0 Integer Buffer Overflow Vulnerability (Linux)
Zusammenfassung:	This host has installed with Pango and is prone to an integer buffer; overflow vulnerability.
Beschreibung:	Summary: This host has installed with Pango and is prone to an integer buffer overflow vulnerability. Vulnerability Insight: Error in pango_glyph_string_set_size function in pango/glyphstring.c file, which fails to perform adequate boundary checks on user-supplied data before using the data to allocate memory buffers. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code via a long glyph string, and can cause a denial of service. Affected Software/OS: Pango version prior to 1.24.0. Solution: Upgrade to pango version 1.24.0 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 34870 Common Vulnerability Exposure (CVE) ID: CVE-2009-1194 http://www.securityfocus.com/bid/34870 BugTraq ID: 35758 http://www.securityfocus.com/bid/35758 Bugtraq: 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations (Google Search) http://www.securityfocus.com/archive/1/503349/100/0/threaded Debian Security Information: DSA-1798 (Google Search) http://www.debian.org/security/2009/dsa-1798 http://www.ocert.org/advisories/ocert-2009-001.html http://www.openwall.com/lists/oss-security/2009/05/07/1 http://osvdb.org/54279 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 http://www.redhat.com/support/errata/RHSA-2009-0476.html http://www.securitytracker.com/id?1022196 http://secunia.com/advisories/35018 http://secunia.com/advisories/35021 http://secunia.com/advisories/35027 http://secunia.com/advisories/35038 http://secunia.com/advisories/35685 http://secunia.com/advisories/35914 http://secunia.com/advisories/36005 http://secunia.com/advisories/36145 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 SuSE Security Announcement: SUSE-SA:2009:039 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html SuSE Security Announcement: SUSE-SA:2009:042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.ubuntu.com/usn/USN-773-1 http://www.vupen.com/english/advisories/2009/1269 http://www.vupen.com/english/advisories/2009/1972 XForce ISS Database: pango-pangoglyphstringsetsize-bo(50397) https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.