ID de Prueba:	1.3.6.1.4.1.25623.1.0.831308
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for gif2png MDVSA-2011:009 (gif2png)
Resumen:	The remote host is missing an update for the 'gif2png'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'gif2png' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in gif2png: Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png (CVE-2009-5018). Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018 (CVE-2010-4694). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: gif2png on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5018 20091213 [gif2png] long filename Buffer Overrun http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html 41801 http://www.securityfocus.com/bid/41801 42796 http://secunia.com/advisories/42796 ADV-2010-3036 http://www.vupen.com/english/advisories/2010/3036 ADV-2011-0023 http://www.vupen.com/english/advisories/2011/0023 ADV-2011-0107 http://www.vupen.com/english/advisories/2011/0107 FEDORA-2010-0358 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html GLSA-201101-01 http://security.gentoo.org/glsa/glsa-201101-01.xml MDVSA-2011:009 http://www.mandriva.com/security/advisories?name=MDVSA-2011:009 [oss-security] 20101121 CVE Request: gif2png: command-line buffer overflow problem http://openwall.com/lists/oss-security/2010/11/21/1 [oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem http://openwall.com/lists/oss-security/2010/11/22/1 http://openwall.com/lists/oss-security/2010/11/22/3 [oss-security] 20101122 Re: CVE Request: gif2png: command-line buffer overflow problem http://openwall.com/lists/oss-security/2010/11/22/12 gif2png-commandline-bo(64820) https://exchange.xforce.ibmcloud.com/vulnerabilities/64820 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 http://bugs.gentoo.org/show_bug.cgi?id=346501 http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log https://bugzilla.redhat.com/show_bug.cgi?id=547515 Common Vulnerability Exposure (CVE) ID: CVE-2010-4694 BugTraq ID: 45815 http://www.securityfocus.com/bid/45815 http://security.gentoo.org/glsa/glsa-201203-15.xml XForce ISS Database: gif2png-gif-bo(64754) https://exchange.xforce.ibmcloud.com/vulnerabilities/64754
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.