ID de Prueba:	1.3.6.1.4.1.25623.1.0.72089
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:001 (fcgi)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to fcgi announced via advisory MDVSA-2012:001. A vulnerability has been found and corrected in fcgi: The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers (CVE-2011-2766). The updated packages have been patched to correct this issue. Affected: 2010.1, 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:001 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2766 BugTraq ID: 49549 http://www.securityfocus.com/bid/49549 Debian Security Information: DSA-2327 (Google Search) http://www.debian.org/security/2011/dsa-2327 http://www.mandriva.com/security/advisories?name=MDVSA-2012:001 http://www.openwall.com/lists/oss-security/2011/09/08/1 http://www.openwall.com/lists/oss-security/2011/09/08/2 SuSE Security Announcement: openSUSE-SU-2012:0004 (Google Search) https://hermes.opensuse.org/messages/13154637 SuSE Security Announcement: openSUSE-SU-2012:0036 (Google Search) https://hermes.opensuse.org/messages/13155253 XForce ISS Database: perlfast-cgi-security-bypass(69709) https://exchange.xforce.ibmcloud.com/vulnerabilities/69709
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.