English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 73247 CVE Beschreibungen
und 39212 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.902193
Kategorie:Windows : Microsoft Bulletins
Titel:Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
Zusammenfassung:Check for the version of System.Security.dll file
Beschreibung:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-041.

Vulnerability Insight:
The issue is caused by an error in the XML Signature Syntax and Processing
(XMLDsig) implementation that rely on the 'HMACOutputLength' parameter to
determine the number of bytes of the signature to be verified.

Impact:
Successful exploitation will allow the attackers to forge an XML signature that
will be accepted as valid or to bypass security restrictions.

Impact Level: System/Application.

Affected Software/OS:
Microsoft .NET Framework 3.5/SP 1
Microsoft .NET Framework 1.1 SP 1
Microsoft .NET Framework 1.0 SP 3
Microsoft .NET Framework 2.0 SP 1/SP 2

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/MS10-041

References:
http://support.microsoft.com/kb/981343
http://www.vupen.com/english/advisories/2010/1398
http://technet.microsoft.com/en-us/security/bulletin/MS10-041
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-0217
http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
AIX APAR: PK80596
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
AIX APAR: PK80627
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
Debian Security Information: DSA-1995 (Google Search)
http://www.debian.org/security/2010/dsa-1995
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html
HPdes Security Advisory: HPSBUX02476
http://marc.info/?l=bugtraq&m=125787273209737&w=2
HPdes Security Advisory: SSRT090250
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Microsoft Security Bulletin: MS10-041
http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx
RedHat Security Advisories: RHSA-2009:1200
https://rhn.redhat.com/errata/RHSA-2009-1200.html
RedHat Security Advisories: RHSA-2009:1201
https://rhn.redhat.com/errata/RHSA-2009-1201.html
RedHat Security Advisories: RHSA-2009:1428
https://rhn.redhat.com/errata/RHSA-2009-1428.html
RedHat Security Advisories: RHSA-2009:1636
https://rhn.redhat.com/errata/RHSA-2009-1636.html
RedHat Security Advisories: RHSA-2009:1637
https://rhn.redhat.com/errata/RHSA-2009-1637.html
RedHat Security Advisories: RHSA-2009:1649
https://rhn.redhat.com/errata/RHSA-2009-1649.html
RedHat Security Advisories: RHSA-2009:1650
https://rhn.redhat.com/errata/RHSA-2009-1650.html
http://www.redhat.com/support/errata/RHSA-2009-1694.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1
SuSE Security Announcement: SUSE-SA:2009:053 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
SuSE Security Announcement: SUSE-SA:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
http://www.ubuntulinux.org/support/documentation/usn/usn-826-1
http://www.ubuntu.com/usn/USN-903-1
Cert/CC Advisory: TA09-294A
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
CERT/CC vulnerability note: VU#466161
http://www.kb.cert.org/vuls/id/466161
BugTraq ID: 35671
http://www.securityfocus.com/bid/35671
http://osvdb.org/55895
http://osvdb.org/55907
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10186
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7158
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8717
http://www.securitytracker.com/id?1022561
http://www.securitytracker.com/id?1022567
http://www.securitytracker.com/id?1022661
http://secunia.com/advisories/35776
http://secunia.com/advisories/35853
http://secunia.com/advisories/35854
http://secunia.com/advisories/35855
http://secunia.com/advisories/35858
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/35852
http://secunia.com/advisories/36494
http://secunia.com/advisories/37300
http://secunia.com/advisories/37671
http://secunia.com/advisories/37841
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/38695
http://secunia.com/advisories/38921
http://www.vupen.com/english/advisories/2009/1900
http://www.vupen.com/english/advisories/2009/1908
http://www.vupen.com/english/advisories/2009/1911
http://www.vupen.com/english/advisories/2009/1909
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3122
http://www.vupen.com/english/advisories/2010/0366
http://www.vupen.com/english/advisories/2010/0635
CopyrightCopyright (C) 2010 SecPod

Dies ist nur einer von 39212 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.