Test ID:	1.3.6.1.4.1.25623.1.0.64675
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:203 (curl)
Summary:	The remote host is missing an update to curl;announced via advisory MDVSA-2009:203.
Description:	Summary: The remote host is missing an update to curl announced via advisory MDVSA-2009:203. Vulnerability Insight: A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2417). This update provides a solution to this vulnerability. Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2408 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1022632 http://www.securitytracker.com/id?1022632 36088 http://secunia.com/advisories/36088 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 36669 http://secunia.com/advisories/36669 37098 http://secunia.com/advisories/37098 56723 http://osvdb.org/56723 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ [oss-security] 20090903 More CVE-2009-2408 like issues http://marc.info/?l=oss-security&m=125198917018936&w=2 http://isc.sans.org/diary.html?storyid=7003 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h http://www.wired.com/threatlevel/2009/07/kaminsky/ https://bugzilla.redhat.com/show_bug.cgi?id=510251 oval:org.mitre.oval:def:10751 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 oval:org.mitre.oval:def:8458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Common Vulnerability Exposure (CVE) ID: CVE-2009-2417 20090824 rPSA-2009-0124-1 curl http://www.securityfocus.com/archive/1/506055/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 36032 http://www.securityfocus.com/bid/36032 36238 http://secunia.com/advisories/36238 36475 http://secunia.com/advisories/36475 37471 http://secunia.com/advisories/37471 45047 http://secunia.com/advisories/45047 ADV-2009-2263 http://www.vupen.com/english/advisories/2009/2263 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 curl-certificate-security-bypass(52405) https://exchange.xforce.ibmcloud.com/vulnerabilities/52405 http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch http://curl.haxx.se/docs/adv_20090812.txt http://shibboleth.internet2.edu/secadv/secadv_20090817.txt http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2009-0124 http://www.vmware.com/security/advisories/VMSA-2009-0016.html oval:org.mitre.oval:def:10114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114 oval:org.mitre.oval:def:8542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.