Ubuntu Local Security Checks : Ubuntu Update for lynx-cur USN-1642-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.841235

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for lynx-cur USN-1642-1

Resumen: Ubuntu Update for Linux kernel vulnerabilities USN-1642-1

Descripción: Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1642-1

Vulnerability Insight:
Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user
were tricked into opening a specially crafted page, a remote attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code as the user invoking the program. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-2810)

It was discovered that Lynx did not properly verify that an HTTPS
certificate was signed by a trusted certificate authority. This could allow
an attacker to perform a 'man in the middle' (MITM) attack which would make
the user believe their connection is secure, but is actually being
monitored. This update changes the behavior of Lynx such that self-signed
certificates no longer validate. Users requiring the previous behavior can
use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)

Affected Software/OS:
lynx-cur on Ubuntu 12.10,
Ubuntu 12.04 LTS,
Ubuntu 11.10,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2810
http://marc.info/?l=oss-security&m=128151768510564&w=2
http://marc.info/?l=oss-security&m=128152412221677&w=2
http://www.ubuntu.com/usn/USN-1642-1
http://www.vupen.com/english/advisories/2010/2042
XForce ISS Database: lynx-converttoidna-bo(61007)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61007
Common Vulnerability Exposure (CVE) ID: CVE-2012-5821
http://www.mandriva.com/security/advisories?name=MDVSA-2013:101
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
XForce ISS Database: lynx-ssl-spoofing(79930)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79930

Copyright Copyright (c) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.841235
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for lynx-cur USN-1642-1
Resumen:	Ubuntu Update for Linux kernel vulnerabilities USN-1642-1
Descripción:	Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1642-1 Vulnerability Insight: Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810) It was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a 'man in the middle' (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821) Affected Software/OS: lynx-cur on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2810 http://marc.info/?l=oss-security&m=128151768510564&w=2 http://marc.info/?l=oss-security&m=128152412221677&w=2 http://www.ubuntu.com/usn/USN-1642-1 http://www.vupen.com/english/advisories/2010/2042 XForce ISS Database: lynx-converttoidna-bo(61007) https://exchange.xforce.ibmcloud.com/vulnerabilities/61007 Common Vulnerability Exposure (CVE) ID: CVE-2012-5821 http://www.mandriva.com/security/advisories?name=MDVSA-2013:101 http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf XForce ISS Database: lynx-ssl-spoofing(79930) https://exchange.xforce.ibmcloud.com/vulnerabilities/79930
Copyright	Copyright (c) 2012 Greenbone Networks GmbH