Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:153 (binutils)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57315

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:153 (binutils)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to binutils
announced via advisory MDKSA-2006:153.

A stack-based buffer overflow in messages.c in the GNU as (gas)
assembler in Free Software Foundation GNU Binutils before 20050721
allows attackers to execute arbitrary code via a .c file with crafted
inline assembly code (CVE-2005-4807).

Buffer overflow in getsym in tekhex.c in libbfd in Free Software
Foundation GNU Binutils before 20060423, as used by GNU strings, allows
context-dependent attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a file with a crafted
Tektronix Hex Format (TekHex?) record in which the length character is
not a valid hexadecimal character (CVE-2006-2362).

The updated packages have been patched to correct these issues.

Affected: 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:153

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-4807
BugTraq ID: 19555
http://www.securityfocus.com/bid/19555
http://bugs.gentoo.org/show_bug.cgi?id=99464
http://www.osvdb.org/27960
http://secunia.com/advisories/21508
http://secunia.com/advisories/21530
http://www.ubuntu.com/usn/usn-336-1
http://www.vupen.com/english/advisories/2006/3307
Common Vulnerability Exposure (CVE) ID: CVE-2006-2362
http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
BugTraq ID: 17950
http://www.securityfocus.com/bid/17950
http://www.mail-archive.com/bug-binutils@gnu.org/msg01516.html
http://www.securitytracker.com/id?1018872
http://secunia.com/advisories/20188
http://secunia.com/advisories/20531
http://secunia.com/advisories/20550
http://secunia.com/advisories/22932
http://secunia.com/advisories/27441
SuSE Security Announcement: SUSE-SR:2006:026 (Google Search)
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.trustix.org/errata/2006/0034/
http://www.ubuntu.com/usn/usn-292-1
http://www.vupen.com/english/advisories/2006/1924
http://www.vupen.com/english/advisories/2007/3665
XForce ISS Database: binutils-libbfd-bo(26644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26644

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57315
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:153 (binutils)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to binutils announced via advisory MDKSA-2006:153. A stack-based buffer overflow in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code (CVE-2005-4807). Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex?) record in which the length character is not a valid hexadecimal character (CVE-2006-2362). The updated packages have been patched to correct these issues. Affected: 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:153 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4807 BugTraq ID: 19555 http://www.securityfocus.com/bid/19555 http://bugs.gentoo.org/show_bug.cgi?id=99464 http://www.osvdb.org/27960 http://secunia.com/advisories/21508 http://secunia.com/advisories/21530 http://www.ubuntu.com/usn/usn-336-1 http://www.vupen.com/english/advisories/2006/3307 Common Vulnerability Exposure (CVE) ID: CVE-2006-2362 http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html BugTraq ID: 17950 http://www.securityfocus.com/bid/17950 http://www.mail-archive.com/bug-binutils@gnu.org/msg01516.html http://www.securitytracker.com/id?1018872 http://secunia.com/advisories/20188 http://secunia.com/advisories/20531 http://secunia.com/advisories/20550 http://secunia.com/advisories/22932 http://secunia.com/advisories/27441 SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.trustix.org/errata/2006/0034/ http://www.ubuntu.com/usn/usn-292-1 http://www.vupen.com/english/advisories/2006/1924 http://www.vupen.com/english/advisories/2007/3665 XForce ISS Database: binutils-libbfd-bo(26644) https://exchange.xforce.ibmcloud.com/vulnerabilities/26644
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com