Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.65751 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-844-1 (mimetex) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to mimetex announced via advisory USN-844-1. Details follow: Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. (CVE-2009-1382) Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. This update fixed the issue by disabling the \input and \counter tags. (CVE-2009-2459) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: mimetex 1.50-1ubuntu0.8.04.1 Ubuntu 8.10: mimetex 1.50-1ubuntu0.8.10.1 Ubuntu 9.04: mimetex 1.50-1ubuntu0.9.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-844-1 CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1382 Bugtraq: 20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection (Google Search) http://www.securityfocus.com/archive/1/504919/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039314.html http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578 http://scary.beasts.org/security/CESA-2009-009.html http://www.ocert.org/advisories/ocert-2009-010.html http://secunia.com/advisories/35752 http://secunia.com/advisories/35816 http://www.vupen.com/english/advisories/2009/1875 http://www.vupen.com/english/advisories/2010/0877 XForce ISS Database: mimetex-mimetex-bo(51794) https://exchange.xforce.ibmcloud.com/vulnerabilities/51794 Common Vulnerability Exposure (CVE) ID: CVE-2009-2459 |
Copyright | Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |