Test ID: 1.3.6.1.4.1.25623.1.0.68732
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2011:003 (MHonArc)
Summary: NOSUMMARY
Description:
The remote host is missing an update to MHonArc
announced via advisory MDVSA-2011:003.

Multiple vulnerabilities have been found and corrected in MHonArc:

MHonArc 2.6.16 allows remote attackers to cause a denial of service
(CPU consumption) via start tags that are placed within other start
tags, as demonstrated by a dy>dy>dy>dy> sequence,
a different vulnerability than CVE-2010-4524 (CVE-2010-1677).

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in
MHonArc 2.6.16 allows remote attackers to inject arbitrary web script
or HTML via a malformed start tag and end tag for a SCRIPT element,
as demonstrated by ipt> and ipt> sequences
(CVE-2010-4524).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the latest version (2.6.18)
which is not vulnerable to these issues.

Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:003

Risk factor: Medium

CVSS Score: 5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4524
42694
http://secunia.com/advisories/42694
45528
http://www.securityfocus.com/bid/45528
ADV-2010-3344
http://www.vupen.com/english/advisories/2010/3344
ADV-2011-0067
http://www.vupen.com/english/advisories/2011/0067
MDVSA-2011:003
http://lists.mandriva.com/security-announce/2011-01/msg00004.php
[mhonarc-dev] 20101230 [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)
http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html
[oss-security] 20101221 CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)
http://openwall.com/lists/oss-security/2010/12/21/4
[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)
http://openwall.com/lists/oss-security/2010/12/21/7
http://openwall.com/lists/oss-security/2010/12/22/4
http://openwall.com/lists/oss-security/2010/12/22/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693
http://savannah.nongnu.org/bugs/?32013
https://bugzilla.redhat.com/show_bug.cgi?id=664718
Common Vulnerability Exposure (CVE) ID: CVE-2010-1677
http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html
XForce ISS Database: mhonarc-start-tags-dos(64656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64656
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
