Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.66715
Categoría:Mandrake Local Security Checks
Título:Mandriva Security Advisory MDVSA-2010:013 (transmission)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to transmission
announced via advisory MDVSA-2010:013.

Multiple vulnerabilities has been found and corrected in transmission:

Cross-site request forgery (CSRF) vulnerability in Transmission 1.5
before 1.53 and 1.6 before 1.61 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors
(CVE-2009-1757).

Directory traversal vulnerability in libtransmission/metainfo.c in
Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to
overwrite arbitrary files via a .. (dot dot) in a pathname within a
.torrent file (CVE-2010-0012).

The updated packages have been patched to correct these issues.

Affected: 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:013

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1757
http://www.openwall.com/lists/oss-security/2009/05/21/1
Common Vulnerability Exposure (CVE) ID: CVE-2010-0012
Debian Security Information: DSA-1967 (Google Search)
http://www.debian.org/security/2010/dsa-1967
http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html
http://www.openwall.com/lists/oss-security/2010/01/06/2
http://www.openwall.com/lists/oss-security/2010/01/06/4
http://secunia.com/advisories/37993
http://secunia.com/advisories/38005
SuSE Security Announcement: SUSE-SA:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.vupen.com/english/advisories/2010/0071
XForce ISS Database: transmission-name-directory-traversal(55454)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55454
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.