ID de Prueba:	1.3.6.1.4.1.25623.1.0.880703
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for seamonkey CESA-2009:1185 centos3 i386
Resumen:	The remote host is missing an update for the 'seamonkey'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'seamonkey' package(s) announced via the referenced advisory. Vulnerability Insight: SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library (provided by SeaMonkey) used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running SeaMonkey. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. All SeaMonkey users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, SeaMonkey must be restarted for the update to take effect. Affected Software/OS: seamonkey on CentOS 3 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2404 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1021699 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 273910 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 35891 http://www.securityfocus.com/bid/35891 36088 http://secunia.com/advisories/36088 36102 http://secunia.com/advisories/36102 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 37098 http://secunia.com/advisories/37098 39428 http://secunia.com/advisories/39428 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 RHSA-2009:1185 http://rhn.redhat.com/errata/RHSA-2009-1185.html RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf http://www.mozilla.org/security/announce/2009/mfsa2009-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://bugzilla.redhat.com/show_bug.cgi?id=512912 oval:org.mitre.oval:def:11174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 oval:org.mitre.oval:def:8658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.