CentOS Local Security Checks : CentOS Update for w3m CESA-2010:0565 centos5 i386

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.880594

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for w3m CESA-2010:0565 centos5 i386

Zusammenfassung: The remote host is missing an update for the 'w3m'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'w3m'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The w3m program is a pager (or text file viewer) that can also be used as a
text mode web browser.

It was discovered that w3m is affected by the previously published 'null
prefix attack', caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse w3m
into accepting it by mistake. (CVE-2010-2074)

All w3m users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Affected Software/OS:
w3m on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-2074
1024252
http://www.securitytracker.com/id?1024252
40134
http://secunia.com/advisories/40134
40733
http://secunia.com/advisories/40733
40837
http://www.securityfocus.com/bid/40837
65538
http://osvdb.org/65538
ADV-2010-1467
http://www.vupen.com/english/advisories/2010/1467
ADV-2010-1879
http://www.vupen.com/english/advisories/2010/1879
ADV-2010-1928
http://www.vupen.com/english/advisories/2010/1928
FEDORA-2010-10369
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html
RHSA-2010:0565
http://www.redhat.com/support/errata/RHSA-2010-0565.html
SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName
http://www.openwall.com/lists/oss-security/2010/06/14/4

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.880594
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for w3m CESA-2010:0565 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'w3m'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'w3m' package(s) announced via the referenced advisory. Vulnerability Insight: The w3m program is a pager (or text file viewer) that can also be used as a text mode web browser. It was discovered that w3m is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074) All w3m users should upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: w3m on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2074 1024252 http://www.securitytracker.com/id?1024252 40134 http://secunia.com/advisories/40134 40733 http://secunia.com/advisories/40733 40837 http://www.securityfocus.com/bid/40837 65538 http://osvdb.org/65538 ADV-2010-1467 http://www.vupen.com/english/advisories/2010/1467 ADV-2010-1879 http://www.vupen.com/english/advisories/2010/1879 ADV-2010-1928 http://www.vupen.com/english/advisories/2010/1928 FEDORA-2010-10369 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html RHSA-2010:0565 http://www.redhat.com/support/errata/RHSA-2010-0565.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName http://www.openwall.com/lists/oss-security/2010/06/14/4
Copyright	Copyright (C) 2011 Greenbone AG