ID de Prueba:	1.3.6.1.4.1.25623.1.0.60261
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:029 (ruby)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ruby announced via advisory MDVSA-2008:029. Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN (common name) attribute in SSL certificates against the server's hostname. The updated packages have been patched to prevent the issue. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:029 Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5162 BugTraq ID: 32447 http://www.securityfocus.com/bid/32447 FreeBSD Security Advisory: FreeBSD-SA-08:11 http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc http://osvdb.org/50137 http://securitytracker.com/id?1021276 http://secunia.com/advisories/32871 Common Vulnerability Exposure (CVE) ID: CVE-2007-5770 1018938 http://www.securitytracker.com/id?1018938 26421 http://www.securityfocus.com/bid/26421 26985 http://secunia.com/advisories/26985 27576 http://secunia.com/advisories/27576 27673 http://secunia.com/advisories/27673 27756 http://secunia.com/advisories/27756 27764 http://secunia.com/advisories/27764 27769 http://secunia.com/advisories/27769 27818 http://secunia.com/advisories/27818 28136 http://secunia.com/advisories/28136 28645 http://secunia.com/advisories/28645 29556 http://secunia.com/advisories/29556 ADV-2007-4238 http://www.vupen.com/english/advisories/2007/4238 APPLE-SA-2007-12-17 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html DSA-1410 http://www.debian.org/security/2007/dsa-1410 DSA-1411 http://www.debian.org/security/2007/dsa-1411 DSA-1412 http://www.debian.org/security/2007/dsa-1412 MDVSA-2008:029 http://www.mandriva.com/security/advisories?name=MDVSA-2008:029 RHSA-2007:0961 http://www.redhat.com/support/errata/RHSA-2007-0961.html RHSA-2007:0965 http://www.redhat.com/support/errata/RHSA-2007-0965.html SUSE-SR:2007:024 http://www.novell.com/linux/security/advisories/2007_24_sr.html TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html USN-596-1 http://www.ubuntu.com/usn/usn-596-1 http://docs.info.apple.com/article.html?artnum=307179 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 https://bugzilla.redhat.com/show_bug.cgi?id=362081 oval:org.mitre.oval:def:11025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.