ID de Prueba:	1.3.6.1.4.1.25623.1.0.66021
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:264 (gd)
Resumen:	The remote host is missing an update to gd;announced via advisory MDVSA-2009:264.
Descripción:	Summary: The remote host is missing an update to gd announced via advisory MDVSA-2009:264. Vulnerability Insight: Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. (CVE-2007-3996) The updated packages have been patched to prevent this. Affected: Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3996 Debian Security Information: DSA-1613 (Google Search) http://www.debian.org/security/2008/dsa-1613 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://security.gentoo.org/glsa/glsa-200712-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/ http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147 http://www.redhat.com/support/errata/RHSA-2007-0888.html RedHat Security Advisories: RHSA-2007:0889 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://www.redhat.com/support/errata/RHSA-2007-0890.html http://www.redhat.com/support/errata/RHSA-2007-0891.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27351 http://secunia.com/advisories/27377 http://secunia.com/advisories/27545 http://secunia.com/advisories/28009 http://secunia.com/advisories/28147 http://secunia.com/advisories/28658 http://secunia.com/advisories/31168 http://securityreason.com/securityalert/3103 SuSE Security Announcement: SUSE-SA:2008:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-557-1 http://www.vupen.com/english/advisories/2007/3023 XForce ISS Database: php-gdimagecopyresized-bo(36383) https://exchange.xforce.ibmcloud.com/vulnerabilities/36383 XForce ISS Database: php-gdimagecreate-bo(36382) https://exchange.xforce.ibmcloud.com/vulnerabilities/36382
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.