ID de Prueba:	1.3.6.1.4.1.25623.1.0.50920
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:001 (libtiff)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libtiff announced via advisory MDKSA-2005:001. Several vulnerabilities have been discovered in the libtiff package: iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag. iDefense also reported a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CVE-2004-1308) The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. The updated packages are patched to protect against these vulnerabilities. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1308 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1308 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html Cert/CC Advisory: TA05-136A http://www.us-cert.gov/cas/techalerts/TA05-136A.html CERT/CC vulnerability note: VU#125598 http://www.kb.cert.org/vuls/id/125598 Conectiva Linux advisory: CLA-2005:920 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920 Debian Security Information: DSA-617 (Google Search) http://www.debian.org/security/2004/dsa-617 http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392 http://www.redhat.com/support/errata/RHSA-2005-019.html http://www.redhat.com/support/errata/RHSA-2005-035.html http://secunia.com/advisories/13776 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 SuSE Security Announcement: SUSE-SA:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html XForce ISS Database: libtiff-tiff-tdircount-bo(18637) https://exchange.xforce.ibmcloud.com/vulnerabilities/18637 Common Vulnerability Exposure (CVE) ID: CVE-2004-1183 BugTraq ID: 12173 http://www.securityfocus.com/bid/12173 Bugtraq: 20050106 [USN-54-1] TIFF library tool vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110503635113419&w=2 Debian Security Information: DSA-626 (Google Search) http://www.debian.org/security/2004/dsa-626 http://security.gentoo.org/glsa/glsa-200501-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:001 http://www.mandriva.com/security/advisories?name=MDKSA-2005:002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743 http://secunia.com/advisories/13728/ XForce ISS Database: libtiff-tiffdump-bo(18782) https://exchange.xforce.ibmcloud.com/vulnerabilities/18782
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.