ID de Prueba:	1.3.6.1.4.1.25623.1.0.57821
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:027 (xine-ui)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xine-ui announced via advisory MDKSA-2007:027. Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. (CVE-2007-0254) XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. (CVE-2007-0255) The updated packages have been patched to correct these issues. Affected: 2007.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:027 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0254 BugTraq ID: 22002 http://www.securityfocus.com/bid/22002 Bugtraq: 20070111 Xine-ui format string Vulnerabilties. (Google Search) http://www.securityfocus.com/archive/1/456590/100/0/threaded http://security.gentoo.org/glsa/glsa-200701-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:027 http://www.mandriva.com/security/advisories?name=MDKSA-2007:154 http://osvdb.org/31594 http://secunia.com/advisories/23709 http://secunia.com/advisories/23891 http://secunia.com/advisories/23931 XForce ISS Database: xineui-errorscreatewindow-format-string(31505) https://exchange.xforce.ibmcloud.com/vulnerabilities/31505 Common Vulnerability Exposure (CVE) ID: CVE-2007-0017 BugTraq ID: 21852 http://www.securityfocus.com/bid/21852 Debian Security Information: DSA-1252 (Google Search) http://www.debian.org/security/2007/dsa-1252 http://security.gentoo.org/glsa/glsa-200701-24.xml http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html http://projects.info-pull.com/moab/MOAB-02-01-2007.html http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html http://osvdb.org/31163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313 http://securitytracker.com/id?1017464 http://secunia.com/advisories/23592 http://secunia.com/advisories/23829 http://secunia.com/advisories/23910 http://secunia.com/advisories/23971 SuSE Security Announcement: SUSE-SA:2007:013 (Google Search) http://www.novell.com/linux/security/advisories/2007_13_xine.html http://www.vupen.com/english/advisories/2007/0026 XForce ISS Database: vlcmediaplayer-udp-format-string(31226) https://exchange.xforce.ibmcloud.com/vulnerabilities/31226 Common Vulnerability Exposure (CVE) ID: CVE-2007-0255 BugTraq ID: 22252 http://www.securityfocus.com/bid/22252 Bugtraq: 20070110 VLC Format String Vulnerability also in XINE (Google Search) http://www.securityfocus.com/archive/1/456523/100/0/threaded http://osvdb.org/31666
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.