ID de Prueba:	1.3.6.1.4.1.25623.1.0.58492
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:153 (gd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gd announced via advisory MDKSA-2007:153. GD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support. Updated packages have been patched to prevent these issues. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:153 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3472 BugTraq ID: 24651 http://www.securityfocus.com/bid/24651 Bugtraq: 20070907 FLEA-2007-0052-1 gd (Google Search) http://www.securityfocus.com/archive/1/478796/100/0/threaded http://fedoranews.org/updates/FEDORA-2007-205.shtml http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://security.gentoo.org/glsa/glsa-200708-05.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:153 http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 http://bugs.libgd.org/?do=details&task_id=89 http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/ http://osvdb.org/37745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067 http://www.redhat.com/support/errata/RHSA-2008-0146.html http://secunia.com/advisories/25855 http://secunia.com/advisories/25860 http://secunia.com/advisories/26272 http://secunia.com/advisories/26390 http://secunia.com/advisories/26415 http://secunia.com/advisories/26467 http://secunia.com/advisories/26663 http://secunia.com/advisories/26766 http://secunia.com/advisories/26856 http://secunia.com/advisories/29157 http://secunia.com/advisories/30168 http://secunia.com/advisories/42813 SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.trustix.org/errata/2007/0024/ http://www.vupen.com/english/advisories/2007/2336 http://www.vupen.com/english/advisories/2011/0022 XForce ISS Database: gd-imagecreatetruecolor-code-execution(35108) https://exchange.xforce.ibmcloud.com/vulnerabilities/35108 Common Vulnerability Exposure (CVE) ID: CVE-2007-3473 http://bugs.libgd.org/?do=details&task_id=94 http://osvdb.org/37744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806 XForce ISS Database: gd-imagecreatexbm-dos(35109) https://exchange.xforce.ibmcloud.com/vulnerabilities/35109 Common Vulnerability Exposure (CVE) ID: CVE-2007-3474 http://osvdb.org/37743 XForce ISS Database: gd-gifreader-unspecified(35110) https://exchange.xforce.ibmcloud.com/vulnerabilities/35110 Common Vulnerability Exposure (CVE) ID: CVE-2007-3475 http://www.libgd.org/ReleaseNote020035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728 Common Vulnerability Exposure (CVE) ID: CVE-2007-3476 Debian Security Information: DSA-1613 (Google Search) http://www.debian.org/security/2008/dsa-1613 http://osvdb.org/37741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348 http://secunia.com/advisories/31168 Common Vulnerability Exposure (CVE) ID: CVE-2007-3477 http://osvdb.org/42062 Common Vulnerability Exposure (CVE) ID: CVE-2007-3478 http://bugs.php.net/bug.php?id=40578 http://osvdb.org/37740
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.