Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0918

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69801

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:0918

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:0918.

cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that cURL always performed credential delegation when
authenticating with GSSAPI. A rogue server could use this flaw to obtain
the client's credentials and impersonate that client to other servers that
are using GSSAPI. (CVE-2011-2192)

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0918.html
http://curl.haxx.se/docs/adv_20110623.html

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2192
1025713
http://www.securitytracker.com/id?1025713
45047
http://secunia.com/advisories/45047
45067
http://secunia.com/advisories/45067
45088
http://secunia.com/advisories/45088
45144
http://secunia.com/advisories/45144
45181
http://secunia.com/advisories/45181
48256
http://secunia.com/advisories/48256
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
DSA-2271
http://www.debian.org/security/2011/dsa-2271
FEDORA-2011-8586
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
FEDORA-2011-8640
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
GLSA-201203-02
http://security.gentoo.org/glsa/glsa-201203-02.xml
MDVSA-2011:116
http://www.mandriva.com/security/advisories?name=MDVSA-2011:116
RHSA-2011:0918
http://www.redhat.com/support/errata/RHSA-2011-0918.html
USN-1158-1
http://www.ubuntu.com/usn/USN-1158-1
http://curl.haxx.se/curl-gssapi-delegation.patch
http://curl.haxx.se/docs/adv_20110623.html
http://support.apple.com/kb/HT5130
https://bugzilla.redhat.com/show_bug.cgi?id=711454

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69801
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0918
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0918. cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192) Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0918.html http://curl.haxx.se/docs/adv_20110623.html Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2192 1025713 http://www.securitytracker.com/id?1025713 45047 http://secunia.com/advisories/45047 45067 http://secunia.com/advisories/45067 45088 http://secunia.com/advisories/45088 45144 http://secunia.com/advisories/45144 45181 http://secunia.com/advisories/45181 48256 http://secunia.com/advisories/48256 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html DSA-2271 http://www.debian.org/security/2011/dsa-2271 FEDORA-2011-8586 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html FEDORA-2011-8640 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html GLSA-201203-02 http://security.gentoo.org/glsa/glsa-201203-02.xml MDVSA-2011:116 http://www.mandriva.com/security/advisories?name=MDVSA-2011:116 RHSA-2011:0918 http://www.redhat.com/support/errata/RHSA-2011-0918.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://support.apple.com/kb/HT5130 https://bugzilla.redhat.com/show_bug.cgi?id=711454
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com