Test ID:	1.3.6.1.4.1.25623.1.0.64581
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: mono
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: mono CVE-2009-0217 The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 (3) Mono before 2.4.2.2 (4) XML Security Library before 1.2.12 (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1 and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/35852/ http://www.kb.cert.org/vuls/id/466161 http://www.vuxml.org/freebsd/708c65a5-7c58-11de-a994-0030843d3802.html CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0217 AIX APAR: PK80596 http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere AIX APAR: PK80627 http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35671 http://www.securityfocus.com/bid/35671 Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html CERT/CC vulnerability note: VU#466161 http://www.kb.cert.org/vuls/id/466161 Debian Security Information: DSA-1995 (Google Search) http://www.debian.org/security/2010/dsa-1995 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html Microsoft Security Bulletin: MS10-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041 http://osvdb.org/55895 http://osvdb.org/55907 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717 RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html RedHat Security Advisories: RHSA-2009:1428 https://rhn.redhat.com/errata/RHSA-2009-1428.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2009-1694.html http://www.securitytracker.com/id?1022561 http://www.securitytracker.com/id?1022567 http://www.securitytracker.com/id?1022661 http://secunia.com/advisories/34461 http://secunia.com/advisories/35776 http://secunia.com/advisories/35852 http://secunia.com/advisories/35853 http://secunia.com/advisories/35854 http://secunia.com/advisories/35855 http://secunia.com/advisories/35858 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36494 http://secunia.com/advisories/37300 http://secunia.com/advisories/37671 http://secunia.com/advisories/37841 http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SA:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html https://usn.ubuntu.com/826-1/ http://www.ubuntu.com/usn/USN-903-1 http://www.vupen.com/english/advisories/2009/1900 http://www.vupen.com/english/advisories/2009/1908 http://www.vupen.com/english/advisories/2009/1909 http://www.vupen.com/english/advisories/2009/1911 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3122 http://www.vupen.com/english/advisories/2010/0366 http://www.vupen.com/english/advisories/2010/0635
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.