English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64693
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
Summary:Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
Description:The remote host is missing an update to libneon0.27
announced via advisory MDVSA-2009:221.

Multiple vulnerabilities has been found and corrected in libneon0.27:

neon before 0.28.6, when expat is used, does not properly detect
recursion during entity expansion, which allows context-dependent
attackers to cause a denial of service (memory and CPU consumption)
via a crafted XML document containing a large number of nested entity
references, a similar issue to CVE-2003-1564 (CVE-2009-2473).

neon before 0.28.6, when OpenSSL is used, does not properly handle a
'\0' (NUL) character in a domain name in the subject's Common Name
(CN) field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2474).

This update provides a solution to these vulnerabilities.

Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:221
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-1564
http://www.stylusstudio.com/xmldev/200302/post20020.html
http://mail.gnome.org/archives/xml/2008-August/msg00034.html
http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2
http://xmlsoft.org/news.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://secunia.com/advisories/31868
Common Vulnerability Exposure (CVE) ID: CVE-2009-2473
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:221
RedHat Security Advisories: RHSA-2013:0131
http://rhn.redhat.com/errata/RHSA-2013-0131.html
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9461
http://secunia.com/advisories/36371
http://www.vupen.com/english/advisories/2009/2341
XForce ISS Database: neon-xml-dos(52633)
http://xforce.iss.net/xforce/xfdb/52633
Common Vulnerability Exposure (CVE) ID: CVE-2009-2408
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://www.wired.com/threatlevel/2009/07/kaminsky/
http://isc.sans.org/diary.html?storyid=7003
Debian Security Information: DSA-1874 (Google Search)
http://www.debian.org/security/2009/dsa-1874
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
http://www.mandriva.com/security/advisories?name=MDVSA-2009:217
http://www.redhat.com/support/errata/RHSA-2009-1207.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1
SuSE Security Announcement: SUSE-SA:2009:048 (Google Search)
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.ubuntu.com/usn/usn-810-1
http://www.ubuntulinux.org/support/documentation/usn/usn-810-2
http://osvdb.org/56723
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10751
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8458
http://www.securitytracker.com/id?1022632
http://secunia.com/advisories/36088
http://secunia.com/advisories/36125
http://secunia.com/advisories/36139
http://secunia.com/advisories/36157
http://secunia.com/advisories/36434
http://secunia.com/advisories/37098
http://secunia.com/advisories/36669
http://www.vupen.com/english/advisories/2009/2085
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-2474
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html
http://www.ubuntu.com/usn/usn-835-1
BugTraq ID: 36079
http://www.securityfocus.com/bid/36079
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11721
http://secunia.com/advisories/36799
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.