English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.69400
Categoría:Mandrake Local Security Checks
Título:Mandriva Security Advisory MDVSA-2011:064 (libtiff)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to libtiff
announced via advisory MDVSA-2011:064.

Multiple vulnerabilities were discovered and corrected in libtiff:

Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
TIFF image with JPEG encoding (CVE-2011-0191).

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
.tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:064

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0191
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 46657
http://www.securityfocus.com/bid/46657
Debian Security Information: DSA-2210 (Google Search)
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://secunia.com/advisories/43934
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
Common Vulnerability Exposure (CVE) ID: CVE-2011-1167
1025257
http://www.securitytracker.com/id?1025257
20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/517101/100/0/threaded
43900
http://secunia.com/advisories/43900
43934
43974
http://secunia.com/advisories/43974
44117
http://secunia.com/advisories/44117
44135
http://secunia.com/advisories/44135
46951
http://www.securityfocus.com/bid/46951
50726
http://secunia.com/advisories/50726
71256
http://www.osvdb.org/71256
8165
http://securityreason.com/securityalert/8165
ADV-2011-0795
http://www.vupen.com/english/advisories/2011/0795
ADV-2011-0845
ADV-2011-0859
ADV-2011-0860
http://www.vupen.com/english/advisories/2011/0860
ADV-2011-0905
http://www.vupen.com/english/advisories/2011/0905
ADV-2011-0930
http://www.vupen.com/english/advisories/2011/0930
ADV-2011-0960
http://www.vupen.com/english/advisories/2011/0960
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
APPLE-SA-2012-09-19-1
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
DSA-2210
FEDORA-2011-3827
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
FEDORA-2011-3836
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
GLSA-201209-02
http://security.gentoo.org/glsa/glsa-201209-02.xml
MDVSA-2011:064
RHSA-2011:0392
http://www.redhat.com/support/errata/RHSA-2011-0392.html
SSA:2011-098-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
SUSE-SR:2011:009
USN-1102-1
http://ubuntu.com/usn/usn-1102-1
http://blackberry.com/btsc/KB27244
http://bugzilla.maptools.org/show_bug.cgi?id=2300
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5503
http://www.zerodayinitiative.com/advisories/ZDI-11-107
https://bugzilla.redhat.com/show_bug.cgi?id=684939
libtiff-thundercode-decoder-bo(66247)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.