ID de Prueba:	1.3.6.1.4.1.25623.1.0.64675
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:203 (curl)
Resumen:	The remote host is missing an update to curl;announced via advisory MDVSA-2009:203.
Descripción:	Summary: The remote host is missing an update to curl announced via advisory MDVSA-2009:203. Vulnerability Insight: A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2417). This update provides a solution to this vulnerability. Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2408 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1022632 http://www.securitytracker.com/id?1022632 36088 http://secunia.com/advisories/36088 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 36669 http://secunia.com/advisories/36669 37098 http://secunia.com/advisories/37098 56723 http://osvdb.org/56723 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ [oss-security] 20090903 More CVE-2009-2408 like issues http://marc.info/?l=oss-security&m=125198917018936&w=2 http://isc.sans.org/diary.html?storyid=7003 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h http://www.wired.com/threatlevel/2009/07/kaminsky/ https://bugzilla.redhat.com/show_bug.cgi?id=510251 oval:org.mitre.oval:def:10751 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 oval:org.mitre.oval:def:8458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Common Vulnerability Exposure (CVE) ID: CVE-2009-2417 20090824 rPSA-2009-0124-1 curl http://www.securityfocus.com/archive/1/506055/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 36032 http://www.securityfocus.com/bid/36032 36238 http://secunia.com/advisories/36238 36475 http://secunia.com/advisories/36475 37471 http://secunia.com/advisories/37471 45047 http://secunia.com/advisories/45047 ADV-2009-2263 http://www.vupen.com/english/advisories/2009/2263 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 curl-certificate-security-bypass(52405) https://exchange.xforce.ibmcloud.com/vulnerabilities/52405 http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch http://curl.haxx.se/docs/adv_20090812.txt http://shibboleth.internet2.edu/secadv/secadv_20090817.txt http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2009-0124 http://www.vmware.com/security/advisories/VMSA-2009-0016.html oval:org.mitre.oval:def:10114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114 oval:org.mitre.oval:def:8542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.