CentOS Local Security Checks : CentOS Update for w3m CESA-2010:0565 centos5 i386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880594

Categoría: CentOS Local Security Checks

Título: CentOS Update for w3m CESA-2010:0565 centos5 i386

Resumen: The remote host is missing an update for the 'w3m'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'w3m'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The w3m program is a pager (or text file viewer) that can also be used as a
text mode web browser.

It was discovered that w3m is affected by the previously published 'null
prefix attack', caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse w3m
into accepting it by mistake. (CVE-2010-2074)

All w3m users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Affected Software/OS:
w3m on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2074
1024252
http://www.securitytracker.com/id?1024252
40134
http://secunia.com/advisories/40134
40733
http://secunia.com/advisories/40733
40837
http://www.securityfocus.com/bid/40837
65538
http://osvdb.org/65538
ADV-2010-1467
http://www.vupen.com/english/advisories/2010/1467
ADV-2010-1879
http://www.vupen.com/english/advisories/2010/1879
ADV-2010-1928
http://www.vupen.com/english/advisories/2010/1928
FEDORA-2010-10369
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html
RHSA-2010:0565
http://www.redhat.com/support/errata/RHSA-2010-0565.html
SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName
http://www.openwall.com/lists/oss-security/2010/06/14/4

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880594
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for w3m CESA-2010:0565 centos5 i386
Resumen:	The remote host is missing an update for the 'w3m'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'w3m' package(s) announced via the referenced advisory. Vulnerability Insight: The w3m program is a pager (or text file viewer) that can also be used as a text mode web browser. It was discovered that w3m is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074) All w3m users should upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: w3m on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2074 1024252 http://www.securitytracker.com/id?1024252 40134 http://secunia.com/advisories/40134 40733 http://secunia.com/advisories/40733 40837 http://www.securityfocus.com/bid/40837 65538 http://osvdb.org/65538 ADV-2010-1467 http://www.vupen.com/english/advisories/2010/1467 ADV-2010-1879 http://www.vupen.com/english/advisories/2010/1879 ADV-2010-1928 http://www.vupen.com/english/advisories/2010/1928 FEDORA-2010-10369 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html RHSA-2010:0565 http://www.redhat.com/support/errata/RHSA-2010-0565.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName http://www.openwall.com/lists/oss-security/2010/06/14/4
Copyright	Copyright (C) 2011 Greenbone AG