
Test ID: 1.3.6.1.4.1.25623.1.0.51628
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:033 (enscript)
Summary: NOSUMMARY
Description:

The remote host is missing an update to enscript
announced via advisory MDKSA-2005:033.

A vulnerability in the enscript program's handling of the epsf command
used to insert an inline EPS file into a document was found. An attacker
could create a carefully crafted ASCII file which would make use of
the epsf pipe command in such a way that it could execute arbitrary
commands if the file was opened with enscript (CVE-2004-1184).

Additionally, flaws were found in enscript that could be abused by
executing enscript with carefully crafted command-line arguments.
These flaws only have a security impact if enscript is executed by
other programs and passed untrusted data from remote users
(CVE-2004-1185 and CVE-2004-1186).

The updated packages have been patched to prevent these problems.

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1186

Risk factor : High

CVSS Score:
7.5

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2004-1184
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 12329
http://www.securityfocus.com/bid/12329
Bugtraq: 20060526 rPSA-2006-0083-1 enscript
http://www.securityfocus.com/archive/1/435199/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-654
http://www.debian.org/security/2005/dsa-654
http://www.securityfocus.com/archive/1/419768/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658
http://www.redhat.com/support/errata/RHSA-2005-040.html
http://securitytracker.com/id?1012965
http://secunia.com/advisories/35074
https://usn.ubuntu.com/68-1/
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: enscript-epsf-command-ececution(19012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19012
Common Vulnerability Exposure (CVE) ID: CVE-2004-1185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808
XForce ISS Database: enscript-filename-command-execution(19029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19029
Common Vulnerability Exposure (CVE) ID: CVE-2004-1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11134
XForce ISS Database: enscript-multiple-bo(19033)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19033
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
