English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66415
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2009:322 (mono)
Summary:The remote host is missing an update to mono;announced via advisory MDVSA-2009:322.
Description:Summary:
The remote host is missing an update to mono
announced via advisory MDVSA-2009:322.

Vulnerability Insight:
Multiple vulnerabilities has been found and corrected in mono:

IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class
in Mono 1.2.5.1 and previous versions, which allows arbitrary code
execution by context-dependent attackers (CVE-2007-5197).

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes),
(4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren) (CVE-2008-3422).

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via CRLF sequences in the query string
(CVE-2008-3906).

The XML HMAC signature system did not correctly check certain
lengths. If an attacker sent a truncated HMAC, it could bypass
authentication, leading to potential privilege escalation
(CVE-2009-0217).

Packages for 2008.0 are being provided due to extended support for
Corporate products.

The updated packages have been patched to fix these issues.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5197
BugTraq ID: 26279
http://www.securityfocus.com/bid/26279
Debian Security Information: DSA-1397 (Google Search)
http://www.debian.org/security/2007/dsa-1397
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html
http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:218
http://www.securitytracker.com/id?1018892
http://secunia.com/advisories/27439
http://secunia.com/advisories/27493
http://secunia.com/advisories/27511
http://secunia.com/advisories/27583
http://secunia.com/advisories/27612
http://secunia.com/advisories/27639
http://secunia.com/advisories/27937
SuSE Security Announcement: SUSE-SR:2007:023 (Google Search)
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-553-1
http://www.vupen.com/english/advisories/2007/3716
XForce ISS Database: mono-big-integer-bo(38248)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38248
Common Vulnerability Exposure (CVE) ID: CVE-2008-3422
BugTraq ID: 30471
http://www.securityfocus.com/bid/30471
http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html
http://secunia.com/advisories/31338
http://secunia.com/advisories/31982
http://secunia.com/advisories/36494
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
https://usn.ubuntu.com/826-1/
XForce ISS Database: mono-aspnet-xss(44229)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44229
Common Vulnerability Exposure (CVE) ID: CVE-2008-3906
BugTraq ID: 30867
http://www.securityfocus.com/bid/30867
Bugtraq: 20080930 rPSA-2008-0286-1 mono (Google Search)
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://secunia.com/advisories/31643
http://www.vupen.com/english/advisories/2008/2443
XForce ISS Database: mono-sysweb-xss(44740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
Common Vulnerability Exposure (CVE) ID: CVE-2009-0217
AIX APAR: PK80596
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
AIX APAR: PK80627
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
BugTraq ID: 35671
http://www.securityfocus.com/bid/35671
Cert/CC Advisory: TA09-294A
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
CERT/CC vulnerability note: VU#466161
http://www.kb.cert.org/vuls/id/466161
Debian Security Information: DSA-1995 (Google Search)
http://www.debian.org/security/2010/dsa-1995
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
HPdes Security Advisory: HPSBUX02476
http://marc.info/?l=bugtraq&m=125787273209737&w=2
HPdes Security Advisory: SSRT090250
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
Microsoft Security Bulletin: MS10-041
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041
http://osvdb.org/55895
http://osvdb.org/55907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717
RedHat Security Advisories: RHSA-2009:1200
https://rhn.redhat.com/errata/RHSA-2009-1200.html
RedHat Security Advisories: RHSA-2009:1201
https://rhn.redhat.com/errata/RHSA-2009-1201.html
RedHat Security Advisories: RHSA-2009:1428
https://rhn.redhat.com/errata/RHSA-2009-1428.html
RedHat Security Advisories: RHSA-2009:1636
https://rhn.redhat.com/errata/RHSA-2009-1636.html
RedHat Security Advisories: RHSA-2009:1637
https://rhn.redhat.com/errata/RHSA-2009-1637.html
RedHat Security Advisories: RHSA-2009:1649
https://rhn.redhat.com/errata/RHSA-2009-1649.html
RedHat Security Advisories: RHSA-2009:1650
https://rhn.redhat.com/errata/RHSA-2009-1650.html
http://www.redhat.com/support/errata/RHSA-2009-1694.html
http://www.securitytracker.com/id?1022561
http://www.securitytracker.com/id?1022567
http://www.securitytracker.com/id?1022661
http://secunia.com/advisories/34461
http://secunia.com/advisories/35776
http://secunia.com/advisories/35852
http://secunia.com/advisories/35853
http://secunia.com/advisories/35854
http://secunia.com/advisories/35855
http://secunia.com/advisories/35858
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/37300
http://secunia.com/advisories/37671
http://secunia.com/advisories/37841
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/38695
http://secunia.com/advisories/38921
http://secunia.com/advisories/41818
http://secunia.com/advisories/60799
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1
SuSE Security Announcement: SUSE-SA:2009:053 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
SuSE Security Announcement: SUSE-SA:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
http://www.ubuntu.com/usn/USN-903-1
http://www.vupen.com/english/advisories/2009/1900
http://www.vupen.com/english/advisories/2009/1908
http://www.vupen.com/english/advisories/2009/1909
http://www.vupen.com/english/advisories/2009/1911
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3122
http://www.vupen.com/english/advisories/2010/0366
http://www.vupen.com/english/advisories/2010/0635
CopyrightCopyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.