Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.60261
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDVSA-2008:029 (ruby)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing an update to ruby
announced via advisory MDVSA-2008:029.

Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet,
Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a
possible man-in-the-middle attack, when using SSL, due to a missing
check of the CN (common name) attribute in SSL certificates against
the server's hostname.

The updated packages have been patched to prevent the issue.

Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:029

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5162
BugTraq ID: 32447
http://www.securityfocus.com/bid/32447
FreeBSD Security Advisory: FreeBSD-SA-08:11
http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc
http://osvdb.org/50137
http://securitytracker.com/id?1021276
http://secunia.com/advisories/32871
Common Vulnerability Exposure (CVE) ID: CVE-2007-5770
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BugTraq ID: 26421
http://www.securityfocus.com/bid/26421
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Debian Security Information: DSA-1410 (Google Search)
http://www.debian.org/security/2007/dsa-1410
Debian Security Information: DSA-1411 (Google Search)
http://www.debian.org/security/2007/dsa-1411
Debian Security Information: DSA-1412 (Google Search)
http://www.debian.org/security/2007/dsa-1412
http://www.mandriva.com/security/advisories?name=MDVSA-2008:029
https://bugzilla.redhat.com/show_bug.cgi?id=362081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025
http://www.redhat.com/support/errata/RHSA-2007-0961.html
http://www.redhat.com/support/errata/RHSA-2007-0965.html
http://www.securitytracker.com/id?1018938
http://secunia.com/advisories/26985
http://secunia.com/advisories/27576
http://secunia.com/advisories/27673
http://secunia.com/advisories/27756
http://secunia.com/advisories/27764
http://secunia.com/advisories/27769
http://secunia.com/advisories/27818
http://secunia.com/advisories/28136
http://secunia.com/advisories/28645
http://secunia.com/advisories/29556
SuSE Security Announcement: SUSE-SR:2007:024 (Google Search)
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.ubuntu.com/usn/usn-596-1
http://www.vupen.com/english/advisories/2007/4238
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.