Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:112: gd Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the gd package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:112 (gd).
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote
attackers to cause a denial of service (CPU consumption) via malformed
GIF data that causes an infinite loop.
gd-2.0.15 in Corporate 3.0 is not affected by this issue.
Packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:112
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.