ID de Prueba:	1.3.6.1.4.1.25623.1.0.67998
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: p5-libwww
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: p5-libwww CVE-2010-2253 lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2253 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html http://www.ocert.org/advisories/ocert-2010-001.html http://marc.info/?l=oss-security&m=127411372529485&w=2 http://marc.info/?l=oss-security&m=127611288927500&w=2 http://www.ubuntu.com/usn/USN-981-1 http://www.vupen.com/english/advisories/2010/2872
Copyright	Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.