
Test ID: 1.3.6.1.4.1.25623.1.1.10.2014.0548
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2014-0548)
Summary: The remote host is missing an update for the 'smack' package(s) announced via the MGASA-2014-0548 advisory.
Description:
Summary:
The remote host is missing an update for the 'smack' package(s) announced via the MGASA-2014-0548 advisory.

Vulnerability Insight:
Updated smack packages fix security vulnerabilities:

The ServerTrustManager component in the Ignite Realtime Smack XMPP API
before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in
X.509 certificate chains from SSL servers, which allows man-in-the-middle
attackers to spoof servers and obtain sensitive information via a crafted
certificate chain (CVE-2014-0363).

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a
custom SSLContext is used, does not verify that the server hostname matches
a domain name in the subject's Common Name (CN) or subjectAltName field of
the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL
servers via an arbitrary valid certificate (CVE-2014-5075).

Affected Software/OS:
'smack' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-0363
BugTraq ID: 67119
http://www.securityfocus.com/bid/67119
CERT/CC vulnerability note: VU#489228
http://www.kb.cert.org/vuls/id/489228
RedHat Security Advisories: RHSA-2015:1176
http://rhn.redhat.com/errata/RHSA-2015-1176.html
http://secunia.com/advisories/59290
http://secunia.com/advisories/59291
Common Vulnerability Exposure (CVE) ID: CVE-2014-5075
BugTraq ID: 69064
http://www.securityfocus.com/bid/69064
http://secunia.com/advisories/59915
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.