Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0165)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0165

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0165)

Resumen: The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory.

Descripción: Summary:
The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory.

Vulnerability Insight:
Updated lftp packages fix security vulnerability:

lftp incorrectly validates wildcard SSL certificates containing literal
IP addresses, so under certain conditions, it would allow and use a wildcard
match specified in the CN field, allowing a malicious server to participate
in a MITM attack or just fool users into believing that it is a legitimate
site (CVE-2014-0139).

lftp was affected by this issue as it uses code from cURL for checking SSL
certificates. The curl package was fixed in MGASA-2014-0153.

Affected Software/OS:
'lftp' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0139
Debian Security Information: DSA-2902 (Google Search)
http://www.debian.org/security/2014/dsa-2902
http://www.mandriva.com/security/advisories?name=MDVSA-2015:213
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/58615
http://secunia.com/advisories/59458
SuSE Security Announcement: openSUSE-SU-2014:0530 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://www.ubuntu.com/usn/USN-2167-1

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0165
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0165)
Resumen:	The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory.
Descripción:	Summary: The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory. Vulnerability Insight: Updated lftp packages fix security vulnerability: lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139). lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MGASA-2014-0153. Affected Software/OS: 'lftp' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0139 Debian Security Information: DSA-2902 (Google Search) http://www.debian.org/security/2014/dsa-2902 http://www.mandriva.com/security/advisories?name=MDVSA-2015:213 http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/58615 http://secunia.com/advisories/59458 SuSE Security Announcement: openSUSE-SU-2014:0530 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html http://www.ubuntu.com/usn/USN-2167-1
Copyright	Copyright (C) 2022 Greenbone AG