Test ID: | 1.3.6.1.4.1.25623.1.0.69672 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Security Advisory MDVSA-2011:098 (ruby) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to ruby announced via advisory MDVSA-2011:098.

Multiple vulnerabilities have been identified and fixed in ruby:

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page (CVE-2010-0541).

The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname (CVE-2011-1005).

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an integer truncation issue (CVE-2011-0188).

The updated packages have been patched to correct this issue.

Affected: Corporate 4.0

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:098

Risk factor: High

CVSS Score: 6.8 |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0541
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
BugTraq ID: 40895
http://www.securityfocus.com/bid/40895
http://www.mandriva.com/security/advisories?name=MDVSA-2011:097
http://www.mandriva.com/security/advisories?name=MDVSA-2011:098
http://www.redhat.com/support/errata/RHSA-2011-0908.html
http://www.redhat.com/support/errata/RHSA-2011-0909.html
http://secunia.com/advisories/40220
http://www.vupen.com/english/advisories/2010/1481

Common Vulnerability Exposure (CVE) ID: CVE-2011-1005
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
BugTraq ID: 46458
http://www.securityfocus.com/bid/46458
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html
http://www.openwall.com/lists/oss-security/2011/02/21/2
http://www.openwall.com/lists/oss-security/2011/02/21/5
http://osvdb.org/70957
http://www.redhat.com/support/errata/RHSA-2011-0910.html
http://secunia.com/advisories/43420
http://secunia.com/advisories/43573
http://www.vupen.com/english/advisories/2011/0539

Common Vulnerability Exposure (CVE) ID: CVE-2011-0188
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://www.securitytracker.com/id?1025236 |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |