Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-210)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120435

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-210)

Resumen: The remote host is missing an update for the 'curl' package(s) announced via the ALAS-2013-210 advisory.

Descripción: Summary:
The remote host is missing an update for the 'curl' package(s) announced via the ALAS-2013-210 advisory.

Vulnerability Insight:
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Affected Software/OS:
'curl' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1944
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 59058
http://www.securityfocus.com/bid/59058
Debian Security Information: DSA-2660 (Google Search)
http://www.debian.org/security/2012/dsa-2660
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:151
https://bugzilla.redhat.com/show_bug.cgi?id=950577
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121
http://www.osvdb.org/92316
RedHat Security Advisories: RHSA-2013:0771
http://rhn.redhat.com/errata/RHSA-2013-0771.html
http://secunia.com/advisories/53044
http://secunia.com/advisories/53051
http://secunia.com/advisories/53097
SuSE Security Announcement: openSUSE-SU-2013:0876 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00013.html
SuSE Security Announcement: openSUSE-SU-2013:0879 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00016.html
http://www.ubuntu.com/usn/USN-1801-1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120435
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-210)
Resumen:	The remote host is missing an update for the 'curl' package(s) announced via the ALAS-2013-210 advisory.
Descripción:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the ALAS-2013-210 advisory. Vulnerability Insight: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Affected Software/OS: 'curl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1944 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html BugTraq ID: 59058 http://www.securityfocus.com/bid/59058 Debian Security Information: DSA-2660 (Google Search) http://www.debian.org/security/2012/dsa-2660 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:151 https://bugzilla.redhat.com/show_bug.cgi?id=950577 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121 http://www.osvdb.org/92316 RedHat Security Advisories: RHSA-2013:0771 http://rhn.redhat.com/errata/RHSA-2013-0771.html http://secunia.com/advisories/53044 http://secunia.com/advisories/53051 http://secunia.com/advisories/53097 SuSE Security Announcement: openSUSE-SU-2013:0876 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00013.html SuSE Security Announcement: openSUSE-SU-2013:0879 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00016.html http://www.ubuntu.com/usn/USN-1801-1
Copyright	Copyright (C) 2015 Greenbone AG