Test Kennung:	1.3.6.1.4.1.25623.1.0.67289
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: irssi
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: irssi zh-irssi irssi-devel CVE-2010-1155 Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. CVE-2010-1156 core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1155 39365 http://secunia.com/advisories/39365 39620 http://secunia.com/advisories/39620 39797 http://secunia.com/advisories/39797 ADV-2010-0856 http://www.vupen.com/english/advisories/2010/0856 ADV-2010-0987 http://www.vupen.com/english/advisories/2010/0987 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 ADV-2010-1110 http://www.vupen.com/english/advisories/2010/1110 FEDORA-2010-6629 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html SSA:2010-116-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301 SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html USN-929-1 http://www.ubuntu.com/usn/USN-929-1 [oss-security] 20100411 CVE request: irssi 0.8.15 http://marc.info/?l=oss-security&m=127098845125270&w=2 [oss-security] 20100412 Re: CVE request: irssi 0.8.15 http://marc.info/?l=oss-security&m=127110132019166&w=2 [oss-security] 20100413 Re: CVE request: irssi 0.8.15 http://marc.info/?l=oss-security&m=127116251220784&w=2 http://marc.info/?l=oss-security&m=127119240204394&w=2 http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab http://irssi.org/news http://irssi.org/news/ChangeLog irssi-hostname-mitm(57790) https://exchange.xforce.ibmcloud.com/vulnerabilities/57790 Common Vulnerability Exposure (CVE) ID: CVE-2010-1156 1023845 http://securitytracker.com/id?1023845 http://marc.info/?l=oss-security&m=127111071631857&w=2 http://marc.info/?l=oss-security&m=127115784314970&w=2 http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126 irssi-unspecified-dos(57791) https://exchange.xforce.ibmcloud.com/vulnerabilities/57791
Copyright	Copyright (C) 2010 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.