Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:165 (libHX)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68250

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:165 (libHX)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to libHX
announced via advisory MDVSA-2010:165.

A vulnerability has been found and corrected in libHX:

Heap-based buffer overflow in the HX_split function in string.c in
libHX before 3.6 allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a string that
is inconsistent with the expected number of fields (CVE-2010-2947).

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2009.1, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:165

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2947
42592
http://www.securityfocus.com/bid/42592
ADV-2010-2232
http://www.vupen.com/english/advisories/2010/2232
MDVSA-2010:165
http://www.mandriva.com/security/advisories?name=MDVSA-2010:165
SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[oss-security] 20100820 CVE Request: heap-based buffer overflow in libHX
http://www.openwall.com/lists/oss-security/2010/08/20/5
[oss-security] 20100820 Re: CVE Request: heap-based buffer overflow in libHX
http://www.openwall.com/lists/oss-security/2010/08/20/12
http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx%3Ba=commit%3Bh=904a46f90dd3f046bfac0b64a5e813d7cd4fca59
https://bugzilla.redhat.com/show_bug.cgi?id=625866

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68250
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:165 (libHX)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libHX announced via advisory MDVSA-2010:165. A vulnerability has been found and corrected in libHX: Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields (CVE-2010-2947). The updated packages have been patched to correct this issue. Affected: 2009.0, 2009.1, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:165 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2947 42592 http://www.securityfocus.com/bid/42592 ADV-2010-2232 http://www.vupen.com/english/advisories/2010/2232 MDVSA-2010:165 http://www.mandriva.com/security/advisories?name=MDVSA-2010:165 SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html [oss-security] 20100820 CVE Request: heap-based buffer overflow in libHX http://www.openwall.com/lists/oss-security/2010/08/20/5 [oss-security] 20100820 Re: CVE Request: heap-based buffer overflow in libHX http://www.openwall.com/lists/oss-security/2010/08/20/12 http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx%3Ba=commit%3Bh=904a46f90dd3f046bfac0b64a5e813d7cd4fca59 https://bugzilla.redhat.com/show_bug.cgi?id=625866
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com