ID de Prueba:	1.3.6.1.4.1.25623.1.0.56997
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:108 (xine-lib)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xine-lib announced via advisory MDKSA-2006:108. A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802) In addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue. The updated packages have been patched to correct these issues. Affected: 10.2, 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:108 Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2802 BugTraq ID: 18187 http://www.securityfocus.com/bid/18187 Debian Security Information: DSA-1105 (Google Search) http://www.debian.org/security/2006/dsa-1105 https://www.exploit-db.com/exploits/1852 http://security.gentoo.org/glsa/glsa-200609-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:108 http://www.osvdb.org/25936 http://secunia.com/advisories/20369 http://secunia.com/advisories/20549 http://secunia.com/advisories/20766 http://secunia.com/advisories/20828 http://secunia.com/advisories/20942 http://secunia.com/advisories/21919 SuSE Security Announcement: SUSE-SR:2006:014 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html https://usn.ubuntu.com/295-1/ XForce ISS Database: xinelib-xinepluginphttp-bo(26972) https://exchange.xforce.ibmcloud.com/vulnerabilities/26972 Common Vulnerability Exposure (CVE) ID: CVE-2006-1502 BugTraq ID: 17295 http://www.securityfocus.com/bid/17295 Bugtraq: 20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows (Google Search) http://www.securityfocus.com/archive/1/429251/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:068 http://www.xfocus.org/advisories/200603/11.html http://www.osvdb.org/24246 http://www.osvdb.org/24247 http://securitytracker.com/id?1015842 http://secunia.com/advisories/19418 http://secunia.com/advisories/19565 http://secunia.com/advisories/19919 http://securityreason.com/securityalert/532 http://securityreason.com/securityalert/647 http://www.vupen.com/english/advisories/2006/1156 XForce ISS Database: mplayer-asfheader-integer-overflow(25513) https://exchange.xforce.ibmcloud.com/vulnerabilities/25513 XForce ISS Database: mplayer-aviheader-integer-overflow(25514) https://exchange.xforce.ibmcloud.com/vulnerabilities/25514
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.