Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:049 (libneon)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50529

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:049 (libneon)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to libneon
announced via advisory MDKSA-2004:049.

It was discovered that in portions of neon, sscanf() is used in an unsafe
manner. This will result in an overflow of a static heap variable.

The updated packages provide a patched libneon to correct these
problems.

Affected versions: 10.0, 9.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0398

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 10385
Common Vulnerability Exposure (CVE) ID: CVE-2004-0398
http://www.securityfocus.com/bid/10385
Bugtraq: 20040519 Advisory 06/2004: libneon date parsing vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108498433632333&w=2
Bugtraq: 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) (Google Search)
http://marc.info/?l=bugtraq&m=108500057108022&w=2
Computer Incident Advisory Center Bulletin: O-148
http://www.ciac.org/ciac/bulletins/o-148.shtml
Conectiva Linux advisory: CLA-2004:841
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841
Debian Security Information: DSA-506 (Google Search)
http://www.debian.org/security/2004/dsa-506
Debian Security Information: DSA-507 (Google Search)
http://www.debian.org/security/2004/dsa-507
https://bugzilla.fedora.us/show_bug.cgi?id=1552
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html
http://security.gentoo.org/glsa/glsa-200405-13.xml
http://security.gentoo.org/glsa/glsa-200405-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049
http://www.osvdb.org/6302
http://www.redhat.com/support/errata/RHSA-2004-191.html
http://secunia.com/advisories/11638
http://secunia.com/advisories/11650
http://secunia.com/advisories/11673
XForce ISS Database: neon-library-nerfc1036parse-bo(16192)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16192

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50529
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:049 (libneon)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libneon announced via advisory MDKSA-2004:049. It was discovered that in portions of neon, sscanf() is used in an unsafe manner. This will result in an overflow of a static heap variable. The updated packages provide a patched libneon to correct these problems. Affected versions: 10.0, 9.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0398 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 10385 Common Vulnerability Exposure (CVE) ID: CVE-2004-0398 http://www.securityfocus.com/bid/10385 Bugtraq: 20040519 Advisory 06/2004: libneon date parsing vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108498433632333&w=2 Bugtraq: 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) (Google Search) http://marc.info/?l=bugtraq&m=108500057108022&w=2 Computer Incident Advisory Center Bulletin: O-148 http://www.ciac.org/ciac/bulletins/o-148.shtml Conectiva Linux advisory: CLA-2004:841 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 Debian Security Information: DSA-506 (Google Search) http://www.debian.org/security/2004/dsa-506 Debian Security Information: DSA-507 (Google Search) http://www.debian.org/security/2004/dsa-507 https://bugzilla.fedora.us/show_bug.cgi?id=1552 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html http://security.gentoo.org/glsa/glsa-200405-13.xml http://security.gentoo.org/glsa/glsa-200405-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 http://www.osvdb.org/6302 http://www.redhat.com/support/errata/RHSA-2004-191.html http://secunia.com/advisories/11638 http://secunia.com/advisories/11650 http://secunia.com/advisories/11673 XForce ISS Database: neon-library-nerfc1036parse-bo(16192) https://exchange.xforce.ibmcloud.com/vulnerabilities/16192
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com