Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:017 (ruby)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66718

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:017 (ruby)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to ruby
announced via advisory MDVSA-2010:017.

A vulnerability has been found and corrected in ruby:

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through
patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev
writes data to a log file without sanitizing non-printable characters,
which might allow remote attackers to modify a window's title,
or possibly execute arbitrary commands or overwrite files, via an
HTTP request containing an escape sequence for a terminal emulator
(CVE-2009-4492).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:017

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4492
BugTraq ID: 37710
http://www.securityfocus.com/bid/37710
Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search)
http://www.securityfocus.com/archive/1/508830/100/0/threaded
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
http://www.redhat.com/support/errata/RHSA-2011-0908.html
http://www.redhat.com/support/errata/RHSA-2011-0909.html
http://securitytracker.com/id?1023429
http://secunia.com/advisories/37949
http://www.vupen.com/english/advisories/2010/0089

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66718
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:017 (ruby)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ruby announced via advisory MDVSA-2010:017. A vulnerability has been found and corrected in ruby: WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator (CVE-2009-4492). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:017 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4492 BugTraq ID: 37710 http://www.securityfocus.com/bid/37710 Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search) http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.ush.it/team/ush/hack_httpd_escape/adv.txt http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://securitytracker.com/id?1023429 http://secunia.com/advisories/37949 http://www.vupen.com/english/advisories/2010/0089
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com