
Test ID: 1.3.6.1.4.1.25623.1.0.64693
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
Summary: The remote host is missing an update to libneon0.27 announced via advisory MDVSA-2009:221.
Description:

Vulnerability Insight:
Multiple vulnerabilities have been found and corrected in libneon0.27:

neon before 0.28.6, when expat is used, does not properly detect
recursion during entity expansion, which allows context-dependent
attackers to cause a denial of service (memory and CPU consumption)
via a crafted XML document containing a large number of nested entity
references, a similar issue to CVE-2003-1564 (CVE-2009-2473).
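
The expansion attack described above, together with two defences, as an added example; this is not neon's code (neon is written in C against expat directly), but Python's xml.parsers.expat binding drives the same expat library, so the behaviour carries over. The sample document is constructed and deliberately limited to three nesting levels so it is safe to run.

```python
# Added example (not neon's code): the "billion laughs" entity-expansion DoS
# behind CVE-2009-2473, shown with Python's expat binding, plus two defences.
import xml.parsers.expat

# Constructed sample: three nesting levels with 10-way fan-out, so the 3-byte
# entity "lol" expands to 10**3 * 3 = 3000 characters. The real attack uses nine
# or more levels (10**9 * 3 bytes, several gigabytes) from a document of a few
# hundred bytes; three levels keep this harmless to run.
NESTED_ENTITY_DOC = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""


class EntityDeclarationRejected(Exception):
    """Raised when the hardened parser meets an <!ENTITY> declaration."""


class ExpansionLimitExceeded(Exception):
    """Raised when expanded character data exceeds the configured budget."""


def naive_expanded_length(doc: str) -> int:
    """Unprotected parse: expat expands every nested reference and the caller
    only notices by watching character data pile up. Returns the number of
    characters of text the expansion produced."""
    total = 0

    def on_chars(data: str) -> None:
        nonlocal total
        total += len(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = on_chars
    parser.Parse(doc, True)
    return total


def reject_entities_parse(doc: str) -> int:
    """Defence 1: refuse any entity declaration. An HTTP/WebDAV client never
    needs a server-supplied DTD, so raising from the declaration handler aborts
    the parse before the first reference is expanded."""
    total = 0

    def on_chars(data: str) -> None:
        nonlocal total
        total += len(data)

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
        raise EntityDeclarationRejected(f"entity declaration {name!r} refused")

    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = on_chars
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(doc, True)
    return total


def bounded_parse(doc: str, max_chars: int) -> int:
    """Defence 2: allow entities but cap the total expanded text. The budget is
    checked on every character-data callback, so a runaway expansion stops at
    the first chunk that overshoots instead of after gigabytes."""
    total = 0

    def on_chars(data: str) -> None:
        nonlocal total
        total += len(data)
        if total > max_chars:
            raise ExpansionLimitExceeded(f"expanded text exceeded {max_chars} chars")

    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = on_chars
    parser.Parse(doc, True)
    return total


def outcome(parse_fn, doc: str, *args) -> str:
    """Run one of the parsers and report 'expanded:<n>' or the exception name,
    so the strategies can be compared side by side."""
    try:
        return f"expanded:{parse_fn(doc, *args)}"
    except (EntityDeclarationRejected, ExpansionLimitExceeded,
            xml.parsers.expat.ExpatError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print("naive:           ", outcome(naive_expanded_length, NESTED_ENTITY_DOC))
    print("reject entities: ", outcome(reject_entities_parse, NESTED_ENTITY_DOC))
    print("bounded (1000):  ", outcome(bounded_parse, NESTED_ENTITY_DOC, 1000))
```

Rejecting declarations outright is the stronger choice for a client library: the response body is attacker-controlled and has no legitimate use for a DTD. The budget approach is for parsers that must accept entities; note that recent expat releases also ship their own amplification limit, but it only activates above a sizeable threshold, so application-level limits remain worthwhile.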

neon before 0.28.6, when OpenSSL is used, does not properly handle a
'\0' (NUL) character in a domain name in the subject's Common Name
(CN) field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2474).
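
The NUL-in-CN problem above modelled in Python, as an added example rather than neon's or OpenSSL's code. X.509 subject strings are ASN.1 TLVs (tag, length, value), so a certificate's CN can legitimately contain a NUL byte; the bug is treating the value as a C string. The DER helpers, the sample CN and the two comparison functions are all constructed for this illustration.

```python
# Added example (not neon's code): the NUL-in-CN certificate bug behind
# CVE-2009-2474, with the vulnerable comparison beside the length-aware fix.

UTF8STRING_TAG = 0x0C  # DER tag for UTF8String, the usual encoding of a CN


def der_utf8string(value: bytes) -> bytes:
    """Encode a short (<128 byte) UTF8String TLV as it sits inside a DER certificate."""
    if len(value) >= 128:
        raise ValueError("long-form lengths are not needed for this example")
    return bytes([UTF8STRING_TAG, len(value)]) + value


def parse_der_utf8string(tlv: bytes) -> bytes:
    """Decode the TLV and return the value bytes, honouring the DER length
    (the length OpenSSL reports via ASN1_STRING_length(), not strlen())."""
    if len(tlv) < 2 or tlv[0] != UTF8STRING_TAG:
        raise ValueError("not a UTF8String")
    length = tlv[1]
    if length >= 128 or len(tlv) != 2 + length:
        raise ValueError("bad DER length")
    return tlv[2:]


def vulnerable_cn_matches(cn: bytes, hostname: str) -> bool:
    """Pre-0.28.6 behaviour: the CN bytes are handed to C string routines, so
    the comparison stops at the first NUL and the attacker's suffix is invisible."""
    c_string = cn.split(b"\x00", 1)[0]
    return c_string.decode("utf-8", "replace").lower() == hostname.lower()


def fixed_cn_matches(cn: bytes, hostname: str) -> bool:
    """Length-aware check: the ASN.1 length must equal the C-string length
    (i.e. no embedded NUL); only then is the whole value compared."""
    if len(cn) != len(cn.split(b"\x00", 1)[0]):
        return False  # embedded NUL: treat the certificate as not matching
    return cn.decode("utf-8", "replace").lower() == hostname.lower()


# Constructed sample: the CN an attacker would ask a careless CA to issue.
# The CA validates ownership of attacker.example; the client sees www.example.com.
ATTACKER_CN = b"www.example.com\x00.attacker.example"
HONEST_CN = b"www.example.com"

if __name__ == "__main__":
    cn = parse_der_utf8string(der_utf8string(ATTACKER_CN))
    print("vulnerable check accepts spoofed CN:", vulnerable_cn_matches(cn, "www.example.com"))
    print("fixed check accepts spoofed CN:     ", fixed_cn_matches(cn, "www.example.com"))
    print("fixed check accepts honest CN:      ", fixed_cn_matches(HONEST_CN, "www.example.com"))
```

The same length-versus-strlen comparison has to be applied to every name a client matches against, including subjectAltName dNSName entries, not only the subject CN.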

This update provides a solution to these vulnerabilities.

Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-references:
CVE ID: CVE-2003-1564
http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2
http://xmlsoft.org/news.html
http://www.stylusstudio.com/xmldev/200302/post20020.html
http://mail.gnome.org/archives/xml/2008-August/msg00034.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://secunia.com/advisories/31868
CVE ID: CVE-2009-2473
36371
http://secunia.com/advisories/36371
ADV-2009-2341
http://www.vupen.com/english/advisories/2009/2341
APPLE-SA-2010-11-10-1
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
FEDORA-2009-8794
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html
FEDORA-2009-8815
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html
MDVSA-2009:221
http://www.mandriva.com/security/advisories?name=MDVSA-2009:221
RHSA-2013:0131
http://rhn.redhat.com/errata/RHSA-2013-0131.html
SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
[neon] 20090818 CVE-2009-2473: fix for "billion laughs" attack against expat
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html
[neon] 20090818 neon: release 0.28.6 (SECURITY)
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
http://support.apple.com/kb/HT4435
neon-xml-dos(52633)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52633
oval:org.mitre.oval:def:9461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461
CVE ID: CVE-2009-2408
1021030
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1
1022632
http://www.securitytracker.com/id?1022632
36088
http://secunia.com/advisories/36088
36125
http://secunia.com/advisories/36125
36139
http://secunia.com/advisories/36139
36157
http://secunia.com/advisories/36157
36434
http://secunia.com/advisories/36434
36669
http://secunia.com/advisories/36669
37098
http://secunia.com/advisories/37098
56723
http://osvdb.org/56723
ADV-2009-2085
http://www.vupen.com/english/advisories/2009/2085
ADV-2009-3184
http://www.vupen.com/english/advisories/2009/3184
DSA-1874
http://www.debian.org/security/2009/dsa-1874
MDVSA-2009:197
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
MDVSA-2009:216
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
MDVSA-2009:217
http://www.mandriva.com/security/advisories?name=MDVSA-2009:217
RHSA-2009:1207
http://www.redhat.com/support/errata/RHSA-2009-1207.html
RHSA-2009:1432
http://www.redhat.com/support/errata/RHSA-2009-1432.html
SUSE-SA:2009:048
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
USN-810-1
http://www.ubuntu.com/usn/usn-810-1
USN-810-2
https://usn.ubuntu.com/810-2/
[oss-security] 20090903 More CVE-2009-2408 like issues
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://isc.sans.org/diary.html?storyid=7003
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h
http://www.wired.com/threatlevel/2009/07/kaminsky/
https://bugzilla.redhat.com/show_bug.cgi?id=510251
oval:org.mitre.oval:def:10751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751
oval:org.mitre.oval:def:8458
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458
CVE ID: CVE-2009-2474
36079
http://www.securityfocus.com/bid/36079
36799
http://secunia.com/advisories/36799
USN-835-1
http://www.ubuntu.com/usn/usn-835-1
[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html
oval:org.mitre.oval:def:11721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721
Copyright: Copyright (C) 2009 E-Soft Inc.

© 1998-2025 E-Soft Inc. All rights reserved.