Mandriva Linux Security Advisory : mono (MDVSA-2009:268)

NASLDB: Mandriva Linux Security Advisory : mono (MDVSA-2009:268)

General

ID: 42095
Name: Mandriva Linux Security Advisory : mono (MDVSA-2009:268)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

Multiple vulnerabilities has been found and corrected in mono :

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren) (CVE-2008-3422).

The XML HMAC signature system did not correctly check certain lengths.
If an attacker sent a truncated HMAC, it could bypass authentication,
leading to potential privilege escalation (CVE-2009-0217).

This update fixes these vulnerabilities.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2008-3422
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2009/10/12
Plugin Release: 2009/10/13

Plugin

Version: 1.10
Filename: mandriva_MDVSA-2009-268.nasl
Filesize: 7676 bytes
MD5 Hash: c1eba01591e4920e9c7dd8f55ff933fb

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG