Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:116 (curl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70027

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:116 (curl)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to curl
announced via advisory MDVSA-2011:116.

A vulnerability was discovered and corrected in curl:

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
through 7.21.6, as used in curl and other products, always performs
credential delegation during GSSAPI authentication, which allows remote
servers to impersonate clients via GSSAPI requests (CVE-2011-2192).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:116

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2192
1025713
http://www.securitytracker.com/id?1025713
45047
http://secunia.com/advisories/45047
45067
http://secunia.com/advisories/45067
45088
http://secunia.com/advisories/45088
45144
http://secunia.com/advisories/45144
45181
http://secunia.com/advisories/45181
48256
http://secunia.com/advisories/48256
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
DSA-2271
http://www.debian.org/security/2011/dsa-2271
FEDORA-2011-8586
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
FEDORA-2011-8640
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
GLSA-201203-02
http://security.gentoo.org/glsa/glsa-201203-02.xml
MDVSA-2011:116
http://www.mandriva.com/security/advisories?name=MDVSA-2011:116
RHSA-2011:0918
http://www.redhat.com/support/errata/RHSA-2011-0918.html
USN-1158-1
http://www.ubuntu.com/usn/USN-1158-1
http://curl.haxx.se/curl-gssapi-delegation.patch
http://curl.haxx.se/docs/adv_20110623.html
http://support.apple.com/kb/HT5130
https://bugzilla.redhat.com/show_bug.cgi?id=711454

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70027
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:116 (curl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to curl announced via advisory MDVSA-2011:116. A vulnerability was discovered and corrected in curl: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests (CVE-2011-2192). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:116 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2192 1025713 http://www.securitytracker.com/id?1025713 45047 http://secunia.com/advisories/45047 45067 http://secunia.com/advisories/45067 45088 http://secunia.com/advisories/45088 45144 http://secunia.com/advisories/45144 45181 http://secunia.com/advisories/45181 48256 http://secunia.com/advisories/48256 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html DSA-2271 http://www.debian.org/security/2011/dsa-2271 FEDORA-2011-8586 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html FEDORA-2011-8640 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html GLSA-201203-02 http://security.gentoo.org/glsa/glsa-201203-02.xml MDVSA-2011:116 http://www.mandriva.com/security/advisories?name=MDVSA-2011:116 RHSA-2011:0918 http://www.redhat.com/support/errata/RHSA-2011-0918.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://support.apple.com/kb/HT5130 https://bugzilla.redhat.com/show_bug.cgi?id=711454
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com