Test Kennung:	1.3.6.1.4.1.25623.1.0.71580
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 201206-13.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 201206-13. Vulnerability Insight: Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. Solution: All Mono debugger users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/mono-debugger-2.8.1-r1' All Mono users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/mono-2.10.2-r1' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0217 AIX APAR: PK80596 http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere AIX APAR: PK80627 http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35671 http://www.securityfocus.com/bid/35671 Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html CERT/CC vulnerability note: VU#466161 http://www.kb.cert.org/vuls/id/466161 Debian Security Information: DSA-1995 (Google Search) http://www.debian.org/security/2010/dsa-1995 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html Microsoft Security Bulletin: MS10-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041 http://osvdb.org/55895 http://osvdb.org/55907 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717 RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html RedHat Security Advisories: RHSA-2009:1428 https://rhn.redhat.com/errata/RHSA-2009-1428.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2009-1694.html http://www.securitytracker.com/id?1022561 http://www.securitytracker.com/id?1022567 http://www.securitytracker.com/id?1022661 http://secunia.com/advisories/34461 http://secunia.com/advisories/35776 http://secunia.com/advisories/35852 http://secunia.com/advisories/35853 http://secunia.com/advisories/35854 http://secunia.com/advisories/35855 http://secunia.com/advisories/35858 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36494 http://secunia.com/advisories/37300 http://secunia.com/advisories/37671 http://secunia.com/advisories/37841 http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SA:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html https://usn.ubuntu.com/826-1/ http://www.ubuntu.com/usn/USN-903-1 http://www.vupen.com/english/advisories/2009/1900 http://www.vupen.com/english/advisories/2009/1908 http://www.vupen.com/english/advisories/2009/1909 http://www.vupen.com/english/advisories/2009/1911 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3122 http://www.vupen.com/english/advisories/2010/0366 http://www.vupen.com/english/advisories/2010/0635 Common Vulnerability Exposure (CVE) ID: CVE-2010-3332 BugTraq ID: 43316 http://www.securityfocus.com/bid/43316 http://isc.sans.edu/diary.html?storyid=9568 http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/ http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310 http://twitter.com/thaidn/statuses/24832350146 http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx http://www.ekoparty.org/juliano-rizzo-2010.php http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html Microsoft Security Bulletin: MS10-070 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12365 http://securitytracker.com/id?1024459 http://secunia.com/advisories/41409 http://www.vupen.com/english/advisories/2010/2429 http://www.vupen.com/english/advisories/2010/2751 XForce ISS Database: ms-aspdotnet-padding-info-disclosure(61898) https://exchange.xforce.ibmcloud.com/vulnerabilities/61898 Common Vulnerability Exposure (CVE) ID: CVE-2010-3369 http://secunia.com/advisories/42348 Common Vulnerability Exposure (CVE) ID: CVE-2010-4159 42174 http://secunia.com/advisories/42174 44810 http://www.securityfocus.com/bid/44810 ADV-2010-3059 http://www.vupen.com/english/advisories/2010/3059 MDVSA-2010:240 http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 [mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd. http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html [oss-security] 20101110 CVE request: mono loading shared libs from cwd http://marc.info/?l=oss-security&m=128939873515821&w=2 [oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd http://marc.info/?l=oss-security&m=128939912716499&w=2 http://marc.info/?l=oss-security&m=128941802415318&w=2 http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading https://bugzilla.novell.com/show_bug.cgi?id=641915 https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625 Common Vulnerability Exposure (CVE) ID: CVE-2010-4225 BugTraq ID: 45711 http://www.securityfocus.com/bid/45711 http://osvdb.org/70312 http://secunia.com/advisories/42842 http://www.vupen.com/english/advisories/2011/0051 XForce ISS Database: mono-modmono-source-disclosure(64532) https://exchange.xforce.ibmcloud.com/vulnerabilities/64532 Common Vulnerability Exposure (CVE) ID: CVE-2010-4254 15974 http://www.exploit-db.com/exploits/15974 42373 http://secunia.com/advisories/42373 42877 http://secunia.com/advisories/42877 45051 http://www.securityfocus.com/bid/45051 ADV-2011-0076 http://www.vupen.com/english/advisories/2011/0076 SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html SUSE-SR:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability https://bugzilla.novell.com/show_bug.cgi?id=654136 https://bugzilla.novell.com/show_bug.cgi?id=655847 https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399 https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358 https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac Common Vulnerability Exposure (CVE) ID: CVE-2011-0989 BugTraq ID: 47208 http://www.securityfocus.com/bid/47208 http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html http://openwall.com/lists/oss-security/2011/04/06/14 http://secunia.com/advisories/44002 http://secunia.com/advisories/44076 http://www.vupen.com/english/advisories/2011/0904 XForce ISS Database: momo-runtime-security-bypass(66624) https://exchange.xforce.ibmcloud.com/vulnerabilities/66624 Common Vulnerability Exposure (CVE) ID: CVE-2011-0990 XForce ISS Database: momo-arraycopy-security-bypass(66625) https://exchange.xforce.ibmcloud.com/vulnerabilities/66625 Common Vulnerability Exposure (CVE) ID: CVE-2011-0991 XForce ISS Database: momo-dynamicmethod-code-execution(66626) https://exchange.xforce.ibmcloud.com/vulnerabilities/66626 Common Vulnerability Exposure (CVE) ID: CVE-2011-0992 XForce ISS Database: momo-monothread-info-disclosure(66627) https://exchange.xforce.ibmcloud.com/vulnerabilities/66627
Copyright	Copyright (C) 2012 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.