
Test ID: 1.3.6.1.4.1.25623.1.0.55953
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:224 (curl)
Summary: NOSUMMARY
Description:

The remote host is missing an update to curl
announced via advisory MDKSA-2005:224.

Stefan Esser discovered that libcurl's URL parser function can overflow
a malloc'ed buffer in two ways if given a URL that is too long. The
overflow cannot be triggered by a redirect, which makes remote
exploitation unlikely, but such a URL can be passed directly to libcurl
(allowing for local exploitation) and could also be used to break out of
PHP's safe_mode/open_basedir.

This vulnerability only exists in libcurl and curl 7.11.2 up to and
including 7.15.0, which means that Corporate Server 2.1 and Corporate
3.0 are not vulnerable.

The updated packages have been patched to correct the problem. As
well, updated php-curl packages are available that provide a new curl
PHP module compiled against the fixed code.

Affected: 10.1, 10.2, 2006.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:224
http://www.dyadsecurity.com/perl-0002.html
http://curl.haxx.se/docs/adv_20051207.html

Risk factor : Medium

CVSS Score: 4.6

Cross-Ref: BugTraq ID: 17951
BugTraq ID: 15756
Common Vulnerability Exposure (CVE) ID: CVE-2005-4077
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.securityfocus.com/bid/15756
http://www.securityfocus.com/bid/17951
Bugtraq: 20051207 Advisory 24/2005: libcurl URL parsing vulnerability
http://www.securityfocus.com/archive/1/418849/100/0/threaded
Cert/CC Advisory: TA06-132A
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
Debian Security Information: DSA-919
http://www.debian.org/security/2005/dsa-919
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:224
http://qa.openoffice.org/issues/show_bug.cgi?id=59032
http://www.hardened-php.net/advisory_242005.109.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855
http://www.redhat.com/support/errata/RHSA-2005-875.html
SCO Security Bulletin: SCOSA-2006.16
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt
http://secunia.com/advisories/17907
http://secunia.com/advisories/17960
http://secunia.com/advisories/17961
http://secunia.com/advisories/17965
http://secunia.com/advisories/17977
http://secunia.com/advisories/18105
http://secunia.com/advisories/18188
http://secunia.com/advisories/18336
http://secunia.com/advisories/19261
http://secunia.com/advisories/19433
http://secunia.com/advisories/19457
http://secunia.com/advisories/20077
http://www.trustix.org/errata/2005/0072/
https://usn.ubuntu.com/228-1/
http://www.vupen.com/english/advisories/2005/2791
http://www.vupen.com/english/advisories/2006/0960
http://www.vupen.com/english/advisories/2006/1779
http://www.vupen.com/english/advisories/2008/0924/references
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
