Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:223 (xerces-c)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64695

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:223 (xerces-c)

Resumen: The remote host is missing an update to xerces-c;announced via advisory MDVSA-2009:223.

Descripción: Summary:
The remote host is missing an update to xerces-c
announced via advisory MDVSA-2009:223.

Vulnerability Insight:
A vulnerability has been found and corrected in xerces-c:

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in
Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to
cause a denial of service (application crash) via vectors involving
nested parentheses and invalid byte values in simply nested DTD
structures, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-1885).

This update provides a solution to this vulnerability.

Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1885
35986
http://www.securityfocus.com/bid/35986
36201
http://secunia.com/advisories/36201
ADV-2009-2196
http://www.vupen.com/english/advisories/2009/2196
FEDORA-2009-8305
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html
FEDORA-2009-8332
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html
FEDORA-2009-8345
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html
FEDORA-2009-8350
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html
MDVSA-2009:223
http://www.mandriva.com/security/advisories?name=MDVSA-2009:223
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch
http://svn.apache.org/viewvc?view=rev&revision=781488
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
https://bugzilla.redhat.com/show_bug.cgi?id=515515
xerces-c-dtd-dos(52321)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52321

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64695
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:223 (xerces-c)
Resumen:	The remote host is missing an update to xerces-c;announced via advisory MDVSA-2009:223.
Descripción:	Summary: The remote host is missing an update to xerces-c announced via advisory MDVSA-2009:223. Vulnerability Insight: A vulnerability has been found and corrected in xerces-c: Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-1885). This update provides a solution to this vulnerability. Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1885 35986 http://www.securityfocus.com/bid/35986 36201 http://secunia.com/advisories/36201 ADV-2009-2196 http://www.vupen.com/english/advisories/2009/2196 FEDORA-2009-8305 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html FEDORA-2009-8332 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html FEDORA-2009-8345 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html FEDORA-2009-8350 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html MDVSA-2009:223 http://www.mandriva.com/security/advisories?name=MDVSA-2009:223 http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch http://svn.apache.org/viewvc?view=rev&revision=781488 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html https://bugzilla.redhat.com/show_bug.cgi?id=515515 xerces-c-dtd-dos(52321) https://exchange.xforce.ibmcloud.com/vulnerabilities/52321
Copyright	Copyright (C) 2009 E-Soft Inc.