 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.831311 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandriva Update for xfig MDVSA-2011:010 (xfig) |
| Resumen: | The remote host is missing an update for the 'xfig'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'xfig' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in xfig: Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information (CVE-2009-4227). Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c (CVE-2009-4228). Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition (CVE-2010-4262). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct these issues. Affected Software/OS: xfig on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-4227 BugTraq ID: 37193 http://www.securityfocus.com/bid/37193 http://www.mandriva.com/security/advisories?name=MDVSA-2011:010 http://www.openwall.com/lists/oss-security/2009/12/03/2 http://secunia.com/advisories/37571 http://secunia.com/advisories/37577 http://www.vupen.com/english/advisories/2011/0108 XForce ISS Database: xfig-read13textobject-bo(54525) https://exchange.xforce.ibmcloud.com/vulnerabilities/54525 Common Vulnerability Exposure (CVE) ID: CVE-2009-4228 Common Vulnerability Exposure (CVE) ID: CVE-2010-4262 42579 http://secunia.com/advisories/42579 45177 http://www.securityfocus.com/bid/45177 ADV-2010-3232 http://www.vupen.com/english/advisories/2010/3232 ADV-2011-0108 FEDORA-2010-18589 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html MDVSA-2011:010 [oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition http://www.openwall.com/lists/oss-security/2010/12/03/2 [oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition http://www.openwall.com/lists/oss-security/2010/12/06/8 https://bugzilla.redhat.com/show_bug.cgi?id=657981 https://bugzilla.redhat.com/show_bug.cgi?id=659676 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |