ID de Prueba:	1.3.6.1.4.1.25623.1.0.64179
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:128 (libmodplug)
Resumen:	The remote host is missing an update to libmodplug;announced via advisory MDVSA-2009:128.
Descripción:	Summary: The remote host is missing an update to libmodplug announced via advisory MDVSA-2009:128. Vulnerability Insight: Multiple security vulnerabilities has been identified and fixed in libmodplug: Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow (CVE-2009-1438). Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name (CVE-2009-1513). The updated packages have been patched to prevent this. Affected: 2008.1, 2009.0, 2009.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1438 BugTraq ID: 30801 http://www.securityfocus.com/bid/30801 Debian Security Information: DSA-1850 (Google Search) http://www.debian.org/security/2009/dsa-1850 Debian Security Information: DSA-1851 (Google Search) http://www.debian.org/security/2009/dsa-1851 http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00907.html http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00908.html http://security.gentoo.org/glsa/glsa-200907-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:128 http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2 http://www.openwall.com/lists/oss-security/2009/04/21/4 http://osvdb.org/53801 http://secunia.com/advisories/34797 http://secunia.com/advisories/34930 http://secunia.com/advisories/35026 http://secunia.com/advisories/35685 http://secunia.com/advisories/35736 http://secunia.com/advisories/36158 http://secunia.com/advisories/36183 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.ubuntu.com/usn/USN-771-1 http://www.vupen.com/english/advisories/2009/1104 XForce ISS Database: libmodplug-csoundfilereadmed-bo(50388) https://exchange.xforce.ibmcloud.com/vulnerabilities/50388 Common Vulnerability Exposure (CVE) ID: CVE-2009-1513 BugTraq ID: 34747 http://www.securityfocus.com/bid/34747 http://www.openwall.com/lists/oss-security/2009/04/29/5 http://osvdb.org/54109 http://secunia.com/advisories/34927 http://www.vupen.com/english/advisories/2009/1200
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.