English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.831573
Categoría:Mandrake Local Security Checks
Título:Mandriva Update for curl MDVSA-2012:058 (curl)
Resumen:The remote host is missing an update for the 'curl'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'curl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple vulnerabilities has been found and corrected in curl:

curl is vulnerable to a SSL CBC IV vulnerability when built to use
OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate
the problem (CVE-2011-3389).

curl is vulnerable to a data injection attack for certain protocols
through control characters embedded or percent-encoded in URLs
(CVE-2012-0036).

The updated packages have been patched to correct these issues.

Affected Software/OS:
curl on Mandriva Linux 2011.0,
Mandriva Linux 2010.1

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3389
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 49388
http://www.securityfocus.com/bid/49388
BugTraq ID: 49778
http://www.securityfocus.com/bid/49778
Cert/CC Advisory: TA12-010A
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
CERT/CC vulnerability note: VU#864643
http://www.kb.cert.org/vuls/id/864643
Debian Security Information: DSA-2398 (Google Search)
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02742
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBUX02730
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100710
HPdes Security Advisory: SSRT100740
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.insecure.cl/Beast-SSL.rar
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Microsoft Security Bulletin: MS12-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://osvdb.org/74829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1263-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0036
1032924
http://www.securitytracker.com/id/1032924
48256
51665
http://www.securityfocus.com/bid/51665
APPLE-SA-2012-05-09-1
DSA-2398
GLSA-201203-02
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
MDVSA-2012:058
SSRT100877
http://curl.haxx.se/curl-url-sanitize.patch
http://curl.haxx.se/docs/adv_20120124.html
http://support.apple.com/kb/HT5281
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://bugzilla.redhat.com/show_bug.cgi?id=773457
https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
CopyrightCopyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.