Trustix Local Security Checks : Trustix Security Advisory TSLSA-2006-0036 (fcron, libtiff)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56975

Categoría: Trustix Local Security Checks

Título: Trustix Security Advisory TSLSA-2006-0036 (fcron, libtiff)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0036.

fcron < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- Patched to fix buffer overflow due to a bug in make_msg(), Bug #1754.

libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: gpe92 has discovered a vulnerability in LibTIFF caused
due to a boundary error within tiff2pdf when handling a TIFF file with
a DocumentName tag that contains UTF-8 characters. This can be
exploited to cause a stack-based buffer overflow and may allow
arbitrary code execution.
- Stack-based buffer overflow in the tiffsplit command in libtiff might
allow attackers to execute arbitrary code via a long filename.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2193 and CVE-2006-2656 these issues.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0036

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2193
BugTraq ID: 18331
http://www.securityfocus.com/bid/18331
Debian Security Information: DSA-1091 (Google Search)
http://www.debian.org/security/2006/dsa-1091
http://security.gentoo.org/glsa/glsa-200607-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788
http://www.redhat.com/support/errata/RHSA-2008-0848.html
http://secunia.com/advisories/20488
http://secunia.com/advisories/20501
http://secunia.com/advisories/20520
http://secunia.com/advisories/20693
http://secunia.com/advisories/20766
http://secunia.com/advisories/21002
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
http://secunia.com/advisories/31670
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
SuSE Security Announcement: SUSE-SR:2006:014 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
https://usn.ubuntu.com/289-1/
http://www.vupen.com/english/advisories/2006/2197
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
XForce ISS Database: libtiff-tiff2pdf-bo(26991)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26991
Common Vulnerability Exposure (CVE) ID: CVE-2006-2656
20060524 tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...
http://marc.info/?l=vuln-dev&m=114857412916909&w=2
20501
20520
20766
21002
DSA-1091
FEDORA-2006-591
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html
GLSA-200607-03
MDKSA-2006:095
http://www.mandriva.com/security/advisories?name=MDKSA-2006:095
SUSE-SR:2006:014
USN-289-1

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56975
Categoría:	Trustix Local Security Checks
Título:	Trustix Security Advisory TSLSA-2006-0036 (fcron, libtiff)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0036. fcron < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - Patched to fix buffer overflow due to a bug in make_msg(), Bug #1754. libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: gpe92 has discovered a vulnerability in LibTIFF caused due to a boundary error within tiff2pdf when handling a TIFF file with a DocumentName tag that contains UTF-8 characters. This can be exploited to cause a stack-based buffer overflow and may allow arbitrary code execution. - Stack-based buffer overflow in the tiffsplit command in libtiff might allow attackers to execute arbitrary code via a long filename. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-2193 and CVE-2006-2656 these issues. Solution: Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0036 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2193 BugTraq ID: 18331 http://www.securityfocus.com/bid/18331 Debian Security Information: DSA-1091 (Google Search) http://www.debian.org/security/2006/dsa-1091 http://security.gentoo.org/glsa/glsa-200607-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788 http://www.redhat.com/support/errata/RHSA-2008-0848.html http://secunia.com/advisories/20488 http://secunia.com/advisories/20501 http://secunia.com/advisories/20520 http://secunia.com/advisories/20693 http://secunia.com/advisories/20766 http://secunia.com/advisories/21002 http://secunia.com/advisories/27181 http://secunia.com/advisories/27222 http://secunia.com/advisories/27832 http://secunia.com/advisories/31670 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 SuSE Security Announcement: SUSE-SR:2006:014 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html https://usn.ubuntu.com/289-1/ http://www.vupen.com/english/advisories/2006/2197 http://www.vupen.com/english/advisories/2007/3486 http://www.vupen.com/english/advisories/2007/4034 XForce ISS Database: libtiff-tiff2pdf-bo(26991) https://exchange.xforce.ibmcloud.com/vulnerabilities/26991 Common Vulnerability Exposure (CVE) ID: CVE-2006-2656 20060524 tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow... http://marc.info/?l=vuln-dev&m=114857412916909&w=2 20501 20520 20766 21002 DSA-1091 FEDORA-2006-591 https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html GLSA-200607-03 MDKSA-2006:095 http://www.mandriva.com/security/advisories?name=MDKSA-2006:095 SUSE-SR:2006:014 USN-289-1
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com