Test ID: 1.3.6.1.4.1.25623.1.0.50799
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2002:023-1 (packages)
Summary: NOSUMMARY
Description:

The remote host is missing an update to packages
announced via advisory MDKSA-2002:023-1.

Matthias Clasen found a security issue in zlib that, when provided with
certain input, causes zlib to free an area of memory twice. This
double free bug can be used to crash any programs that take untrusted
compressed input, such as web browsers, email clients, image viewing
software, etc. This vulnerability can be used to perform Denial of
Service attacks and, quite possibly, the execution of arbitrary code on
the affected system.

MandrakeSoft has published two advisories concerning this incident:

MDKSA-2002:022 - zlib
MDKSA-2002:023 - packages containing zlib


Update:

Additional packages are now available. For a list of prior packages
released, please see MDKSA-2002:023. The noted packages below are in
addition to MDKSA-2002:023; no packages have been replaced.

Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:023-1
http://www.kb.cert.org/vuls/id/368819

Risk factor: High

CVSS Score: 7.5

Cross-Reference: BugTraq ID: 4267
Common Vulnerability Exposure (CVE) ID: CVE-2002-0059
http://www.securityfocus.com/bid/4267
Bugtraq: 20020311 security problem fixed in zlib 1.1.4 (Google Search)
Bugtraq: 20020312 Re: [VulnWatch] exploiting the zlib bug in openssh (Google Search)
Bugtraq: 20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib) (Google Search)
Bugtraq: 20020312 exploiting the zlib bug in openssh (Google Search)
Bugtraq: 20020312 zlib & java (Google Search)
Bugtraq: 20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability (Google Search)
Bugtraq: 20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris (Google Search)
Bugtraq: 20020314 Re: about zlib vulnerability - Microsoft products (Google Search)
Bugtraq: 20020314 ZLib double free bug: Windows NT potentially unaffected (Google Search)
Bugtraq: 20020314 about zlib vulnerability (Google Search)
Bugtraq: 20020315 RE: [Whitehat] about zlib vulnerability (Google Search)
Bugtraq: 20020318 TSLSA-2002-0040 - zlib (Google Search)
Bugtraq: 20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions) (Google Search)
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Caldera Security Advisory: CSSA-2002-015.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
http://www.cert.org/advisories/CA-2002-07.html
CERT/CC vulnerability note: VU#368819
http://www.kb.cert.org/vuls/id/368819
Cisco Security Advisory: 20020403 Vulnerability in the zlib Compression Library
Conectiva Linux advisory: CLA-2002:469
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
Debian Security Information: DSA-122 (Google Search)
http://www.debian.org/security/2002/dsa-122
En Garde Linux Advisory: ESA-20020311-008
FreeBSD Security Advisory: FreeBSD-SA-02:18
HPdes Security Advisory: HPSBTL0204-030
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
HPdes Security Advisory: HPSBTL0204-036
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
HPdes Security Advisory: HPSBTL0204-037
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
OpenBSD Security Advisory: 20020313 015: RELIABILITY FIX: March 13, 2002
http://www.redhat.com/support/errata/RHSA-2002-026.html
http://www.redhat.com/support/errata/RHSA-2002-027.html
SuSE Security Announcement: SuSE-SA:2002:010 (Google Search)
SuSE Security Announcement: SuSE-SA:2002:011 (Google Search)
XForce ISS Database: zlib-doublefree-memory-corruption(8427)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
