Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201210-01 (w3m)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72517

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201210-01 (w3m)

Resumen: The remote host is missing updates announced in;advisory GLSA 201210-01.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 201210-01.

Vulnerability Insight:
An error in the hostname matching of w3m might enable remote
attackers to conduct man-in-the-middle attacks.

Solution:
All w3m users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/w3m-0.5.2-r4'

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2074
1024252
http://www.securitytracker.com/id?1024252
40134
http://secunia.com/advisories/40134
40733
http://secunia.com/advisories/40733
40837
http://www.securityfocus.com/bid/40837
65538
http://osvdb.org/65538
ADV-2010-1467
http://www.vupen.com/english/advisories/2010/1467
ADV-2010-1879
http://www.vupen.com/english/advisories/2010/1879
ADV-2010-1928
http://www.vupen.com/english/advisories/2010/1928
FEDORA-2010-10369
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html
RHSA-2010:0565
http://www.redhat.com/support/errata/RHSA-2010-0565.html
SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName
http://www.openwall.com/lists/oss-security/2010/06/14/4

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72517
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201210-01 (w3m)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201210-01.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201210-01. Vulnerability Insight: An error in the hostname matching of w3m might enable remote attackers to conduct man-in-the-middle attacks. Solution: All w3m users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/w3m-0.5.2-r4' CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2074 1024252 http://www.securitytracker.com/id?1024252 40134 http://secunia.com/advisories/40134 40733 http://secunia.com/advisories/40733 40837 http://www.securityfocus.com/bid/40837 65538 http://osvdb.org/65538 ADV-2010-1467 http://www.vupen.com/english/advisories/2010/1467 ADV-2010-1879 http://www.vupen.com/english/advisories/2010/1879 ADV-2010-1928 http://www.vupen.com/english/advisories/2010/1928 FEDORA-2010-10369 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html RHSA-2010:0565 http://www.redhat.com/support/errata/RHSA-2010-0565.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName http://www.openwall.com/lists/oss-security/2010/06/14/4
Copyright	Copyright (C) 2012 E-Soft Inc.