Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:217 (netpbm)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55928

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:217 (netpbm)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to netpbm
announced via advisory MDKSA-2005:217.

Greg Roelofs discovered and fixed several buffer overflows in
pnmtopng which is also included in netpbm, a collection of
graphic conversion utilities, that can lead to the execution of
arbitrary code via a specially crafted PNM file.

Multiple buffer overflows in pnmtopng in netpbm 10.0 and
earlier allow attackers to execute arbitrary code via a
crafted PNM file. (CVE-2005-3632)

An off-by-one buffer overflow in pnmtopng, when using the -alpha
command line option, allows attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a
crafted PNM file with exactly 256 colors. (CVE-2005-3662)

The updated packages have been patched to correct this problem.

Affected: 10.1, Corporate 2.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:217

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-3632
15514
http://www.securityfocus.com/bid/15514
17544
http://secunia.com/advisories/17544
17671
http://secunia.com/advisories/17671
17679
http://secunia.com/advisories/17679
17828
http://secunia.com/advisories/17828
18186
http://secunia.com/advisories/18186
ADV-2005-2418
http://www.vupen.com/english/advisories/2005/2418
DSA-904
http://www.debian.org/security/2005/dsa-904
MDKSA-2005:217
http://www.mandriva.com/security/advisories?name=MDKSA-2005:217
RHSA-2005:843
http://www.redhat.com/support/errata/RHSA-2005-843.html
SUSE-SR:2005:028
http://www.novell.com/linux/security/advisories/2005_28_sr.html
USN-218-1
https://usn.ubuntu.com/218-1/
oval:org.mitre.oval:def:11165
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11165
Common Vulnerability Exposure (CVE) ID: CVE-2005-3662
15427
http://www.securityfocus.com/bid/15427
18517
http://secunia.com/advisories/18517
20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://sourceforge.net/project/shownotes.php?release_id=370545
oval:org.mitre.oval:def:9583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9583

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55928
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:217 (netpbm)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to netpbm announced via advisory MDKSA-2005:217. Greg Roelofs discovered and fixed several buffer overflows in pnmtopng which is also included in netpbm, a collection of graphic conversion utilities, that can lead to the execution of arbitrary code via a specially crafted PNM file. Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. (CVE-2005-3632) An off-by-one buffer overflow in pnmtopng, when using the -alpha command line option, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors. (CVE-2005-3662) The updated packages have been patched to correct this problem. Affected: 10.1, Corporate 2.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:217 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3632 15514 http://www.securityfocus.com/bid/15514 17544 http://secunia.com/advisories/17544 17671 http://secunia.com/advisories/17671 17679 http://secunia.com/advisories/17679 17828 http://secunia.com/advisories/17828 18186 http://secunia.com/advisories/18186 ADV-2005-2418 http://www.vupen.com/english/advisories/2005/2418 DSA-904 http://www.debian.org/security/2005/dsa-904 MDKSA-2005:217 http://www.mandriva.com/security/advisories?name=MDKSA-2005:217 RHSA-2005:843 http://www.redhat.com/support/errata/RHSA-2005-843.html SUSE-SR:2005:028 http://www.novell.com/linux/security/advisories/2005_28_sr.html USN-218-1 https://usn.ubuntu.com/218-1/ oval:org.mitre.oval:def:11165 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11165 Common Vulnerability Exposure (CVE) ID: CVE-2005-3662 15427 http://www.securityfocus.com/bid/15427 18517 http://secunia.com/advisories/18517 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://sourceforge.net/project/shownotes.php?release_id=370545 oval:org.mitre.oval:def:9583 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9583
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com