English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 114770 CVE Beschreibungen
und 58768 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.63506
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-726-1 (curl)
Zusammenfassung:Ubuntu USN-726-1 (curl)
Beschreibung:Description:
The remote host is missing an update to curl
announced via advisory USN-726-1.

Details follow:

It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to abitrary
files. This update changes curl behavior to prevent following file URLs after
a redirect.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libcurl3 7.15.1-1ubuntu3.1
libcurl3-gnutls 7.15.1-1ubuntu3.1

Ubuntu 7.10:
libcurl3 7.16.4-2ubuntu1.1
libcurl3-gnutls 7.16.4-2ubuntu1.1

Ubuntu 8.04 LTS:
libcurl3 7.18.0-1ubuntu2.1
libcurl3-gnutls 7.18.0-1ubuntu2.1

Ubuntu 8.10:
libcurl3 7.18.2-1ubuntu4.1
libcurl3-gnutls 7.18.2-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-726-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-0037
Bugtraq: 20090312 rPSA-2009-0042-1 curl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501757/100/0/threaded
Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Debian Security Information: DSA-1738 (Google Search)
http://www.debian.org/security/2009/dsa-1738
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
SuSE Security Announcement: SUSE-SR:2009:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://www.ubuntu.com/usn/USN-726-1
BugTraq ID: 33962
http://www.securityfocus.com/bid/33962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
http://www.securitytracker.com/id?1021783
http://secunia.com/advisories/34138
http://secunia.com/advisories/34202
http://secunia.com/advisories/34255
http://secunia.com/advisories/34259
http://secunia.com/advisories/34237
http://secunia.com/advisories/34251
http://secunia.com/advisories/34399
http://secunia.com/advisories/35766
http://www.vupen.com/english/advisories/2009/0581
http://www.vupen.com/english/advisories/2009/1865
XForce ISS Database: curl-location-security-bypass(49030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
Common Vulnerability Exposure (CVE) ID: CVE-2008-5005
Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498002/100/0/threaded
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
http://www.openwall.com/lists/oss-security/2008/11/03/3
http://www.openwall.com/lists/oss-security/2008/11/03/4
http://www.openwall.com/lists/oss-security/2008/11/03/5
http://www.bitsec.com/en/rad/bsa-081103.c
http://www.bitsec.com/en/rad/bsa-081103.txt
http://www.washington.edu/alpine/tmailbug.html
Debian Security Information: DSA-1685 (Google Search)
http://www.debian.org/security/2008/dsa-1685
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
RedHat Security Advisories: RHSA-2009:0275
http://rhn.redhat.com/errata/RHSA-2009-0275.html
BugTraq ID: 32072
http://www.securityfocus.com/bid/32072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
http://www.vupen.com/english/advisories/2008/3042
http://securitytracker.com/id?1021131
http://secunia.com/advisories/32483
http://secunia.com/advisories/32512
http://secunia.com/advisories/33142
http://secunia.com/advisories/33996
http://securityreason.com/securityalert/4570
XForce ISS Database: uwimapd-tmail-bo(46281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
Common Vulnerability Exposure (CVE) ID: CVE-2009-0365
Debian Security Information: DSA-1955 (Google Search)
http://www.debian.org/security/2009/dsa-1955
http://www.redhat.com/support/errata/RHSA-2009-0362.html
http://www.redhat.com/support/errata/RHSA-2009-0361.html
SuSE Security Announcement: SUSE-SA:2009:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-727-1
http://www.ubuntu.com/usn/USN-727-2
BugTraq ID: 33966
http://www.securityfocus.com/bid/33966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828
http://www.securitytracker.com/id?1021908
http://securitytracker.com/id?1021910
http://securitytracker.com/id?1021911
http://secunia.com/advisories/34177
http://secunia.com/advisories/34473
http://secunia.com/advisories/34067
XForce ISS Database: networkmanager-dbus-info-disclosure(49062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49062
Common Vulnerability Exposure (CVE) ID: CVE-2009-0619
Cisco Security Advisory: 20090304 Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a80faa.shtml
BugTraq ID: 33975
http://www.securityfocus.com/bid/33975
http://www.securitytracker.com/id?1021787
XForce ISS Database: cisco-sbc-dos(49055)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49055
Common Vulnerability Exposure (CVE) ID: CVE-2009-0537
http://securityreason.com/achievement_securityalert/60
Bugtraq: 20090305 libc:fts_*():multiple vendors, Denial-of-service (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501505/100/0/threaded
https://www.exploit-db.com/exploits/8163
BugTraq ID: 34008
http://www.securityfocus.com/bid/34008
http://www.securitytracker.com/id?1021818
Common Vulnerability Exposure (CVE) ID: CVE-2009-0775
Debian Security Information: DSA-1751 (Google Search)
http://www.debian.org/security/2009/dsa-1751
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.redhat.com/support/errata/RHSA-2009-0325.html
SuSE Security Announcement: SUSE-SA:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
BugTraq ID: 33990
http://www.securityfocus.com/bid/33990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681
http://www.securitytracker.com/id?1021796
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://secunia.com/advisories/34383
http://secunia.com/advisories/34324
http://secunia.com/advisories/34417
http://secunia.com/advisories/34137
http://secunia.com/advisories/34140
http://www.vupen.com/english/advisories/2009/0632
Common Vulnerability Exposure (CVE) ID: CVE-2007-4850
http://securityreason.com/achievement_securityalert/51
Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search)
http://www.securityfocus.com/archive/1/archive/1/486856/100/0/threaded
Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/archive/1/492671/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.ubuntu.com/usn/usn-628-1
BugTraq ID: 27413
http://www.securityfocus.com/bid/27413
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/30048
http://secunia.com/advisories/30411
http://secunia.com/advisories/31200
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3562
XForce ISS Database: php-curlinit-security-bypass(39852)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39852
XForce ISS Database: php-safemode-directive-security-bypass(42134)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42134
Common Vulnerability Exposure (CVE) ID: CVE-2008-5557
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Debian Security Information: DSA-1789 (Google Search)
http://www.debian.org/security/2009/dsa-1789
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090192
HPdes Security Advisory: HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
HPdes Security Advisory: SSRT100079
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.redhat.com/support/errata/RHSA-2009-0350.html
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 32948
http://www.securityfocus.com/bid/32948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286
http://securitytracker.com/id?1021482
http://secunia.com/advisories/34642
http://secunia.com/advisories/35003
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: php-multibyte-bo(47525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47525
Common Vulnerability Exposure (CVE) ID: CVE-2009-0754
http://www.openwall.com/lists/oss-security/2009/01/30/1
http://www.openwall.com/lists/oss-security/2009/02/03/3
http://www.openwall.com/lists/oss-security/2009/02/25/3
http://www.ubuntulinux.org/support/documentation/usn/usn-761-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035
http://www.securitytracker.com/id?1021979
http://secunia.com/advisories/34830
http://secunia.com/advisories/35007
Common Vulnerability Exposure (CVE) ID: CVE-2009-0544
http://www.openwall.com/lists/oss-security/2009/02/07/1
http://www.openwall.com/lists/oss-security/2009/02/12/5
http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:049
http://www.mandriva.com/security/advisories?name=MDVSA-2009:050
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
BugTraq ID: 33674
http://www.securityfocus.com/bid/33674
http://secunia.com/advisories/34199
http://secunia.com/advisories/35065
XForce ISS Database: pycrypto-arc2module-bo(48617)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48617
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 58768 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2017 E-Soft Inc. Alle Rechte vorbehalten.