Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:075 (libcdaudio1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52104

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:075 (libcdaudio1)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to libcdaudio1
announced via advisory MDKSA-2005:075.

A buffer overflow bug was found by Joseph VanAndel in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine. This same vulnerability is present in the libcdaudio1
code.

The updated packages have been patched to correct these issues.

Affected versions: 10.1, 10.2, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:075

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 12770
Common Vulnerability Exposure (CVE) ID: CVE-2005-0706
12770
http://www.securityfocus.com/bid/12770
32803
http://secunia.com/advisories/32803
33389
http://secunia.com/advisories/33389
33824
http://secunia.com/advisories/33824
FEDORA-2008-11956
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html
FEDORA-2008-9521
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html
FEDORA-2008-9604
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html
FLSA:152919
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919
GLSA-200503-21
http://security.gentoo.org/glsa/glsa-200503-21.xml
RHSA-2005:304
http://www.redhat.com/support/errata/RHSA-2005-304.html
RHSA-2009:0005
http://www.redhat.com/support/errata/RHSA-2009-0005.html
grip-cddb-bo(19648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19648
http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html
http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714
http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
oval:org.mitre.oval:def:10768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52104
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:075 (libcdaudio1)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libcdaudio1 announced via advisory MDKSA-2005:075. A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the libcdaudio1 code. The updated packages have been patched to correct these issues. Affected versions: 10.1, 10.2, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:075 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 12770 Common Vulnerability Exposure (CVE) ID: CVE-2005-0706 12770 http://www.securityfocus.com/bid/12770 32803 http://secunia.com/advisories/32803 33389 http://secunia.com/advisories/33389 33824 http://secunia.com/advisories/33824 FEDORA-2008-11956 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html FEDORA-2008-9521 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html FEDORA-2008-9604 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html FLSA:152919 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919 GLSA-200503-21 http://security.gentoo.org/glsa/glsa-200503-21.xml RHSA-2005:304 http://www.redhat.com/support/errata/RHSA-2005-304.html RHSA-2009:0005 http://www.redhat.com/support/errata/RHSA-2009-0005.html grip-cddb-bo(19648) https://exchange.xforce.ibmcloud.com/vulnerabilities/19648 http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714 http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714 oval:org.mitre.oval:def:10768 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com