Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50921
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2005:002 (wxGTK2)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to wxGTK2
announced via advisory MDKSA-2005:002.

Several vulnerabilities have been discovered in the libtiff package

wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities:

iDefense reported the possibility of remote exploitation of an integer
overflow in libtiff that may allow for the execution of arbitrary code.

The overflow occurs in the parsing of TIFF files set with the
STRIPOFFSETS flag.

iDefense also reported a heap-based buffer overflow vulnerability
within the LibTIFF package could allow attackers to execute arbitrary
code. (CVE-2004-1308)

The vulnerability specifically exists due to insufficient validation of
user-supplied data when calculating the size of a directory entry.

The updated packages are patched to protect against these
vulnerabilities.

Affected versions: 10.0, 10.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1308

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1308
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Cert/CC Advisory: TA05-136A
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
CERT/CC vulnerability note: VU#125598
http://www.kb.cert.org/vuls/id/125598
Conectiva Linux advisory: CLA-2005:920
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920
Debian Security Information: DSA-617 (Google Search)
http://www.debian.org/security/2004/dsa-617
http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392
http://www.redhat.com/support/errata/RHSA-2005-019.html
http://www.redhat.com/support/errata/RHSA-2005-035.html
http://secunia.com/advisories/13776
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html
XForce ISS Database: libtiff-tiff-tdircount-bo(18637)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18637
Common Vulnerability Exposure (CVE) ID: CVE-2004-1183
BugTraq ID: 12173
http://www.securityfocus.com/bid/12173
Bugtraq: 20050106 [USN-54-1] TIFF library tool vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110503635113419&w=2
Debian Security Information: DSA-626 (Google Search)
http://www.debian.org/security/2004/dsa-626
http://security.gentoo.org/glsa/glsa-200501-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:001
http://www.mandriva.com/security/advisories?name=MDKSA-2005:002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743
http://secunia.com/advisories/13728/
XForce ISS Database: libtiff-tiffdump-bo(18782)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18782
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.