Executive Summary
Summary | |
---|---|
Title | arpwatch security update |
Information | |||
---|---|---|---|
Name | DSA-2482 | First vendor Publication | 2012-06-02 |
Vendor | Debian | Last vendor Modification | 2012-06-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an HTTPS connection. For the stable distribution (squeeze), this problem has been fixed in version 0.6.4-2+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 0.10.2-1. For the unstable distribution (sid), this problem has been fixed in version 0.10.2-1. We recommend that you upgrade your libgdata packages. |
Original Source
Url : http://www.debian.org/security/2012/dsa-2482 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17607 | |||
Oval ID: | oval:org.mitre.oval:def:17607 | ||
Title: | USN-1547-1 -- libgdata, evolution-data-server vulnerability | ||
Description: | Applications using GData services could be made to expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1547-1 CVE-2012-1177 | Version: | 7 |
Platform(s): | Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | libgdata evolution-data-server |
Definition Id: oval:org.mitre.oval:def:18519 | |||
Oval ID: | oval:org.mitre.oval:def:18519 | ||
Title: | DSA-2481-1 arpwatch - fails to drop supplementary groups | ||
Description: | Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of groups the daemon uses. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2481-1 CVE-2012-2653 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | arpwatch |
Definition Id: oval:org.mitre.oval:def:20177 | |||
Oval ID: | oval:org.mitre.oval:def:20177 | ||
Title: | DSA-2482-1 libgdata - no verification of TLS certificates against system root CA | ||
Description: | Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an HTTPS connection. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2482-1 CVE-2012-1177 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libgdata |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-06 | Name : Ubuntu Update for libgdata USN-1547-1 File : nvt/gb_ubuntu_USN_1547_1.nasl |
2012-08-30 | Name : Fedora Update for arpwatch FEDORA-2012-8677 File : nvt/gb_fedora_2012_8677_arpwatch_fc17.nasl |
2012-08-30 | Name : Gentoo Security Advisory GLSA 201208-06 (libgdata) File : nvt/glsa_201208_06.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2481-1 (arpwatch) File : nvt/deb_2481_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2482-1 (libgdata) File : nvt/deb_2482_1.nasl |
2012-07-30 | Name : Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch) File : nvt/gb_mandriva_MDVSA_2012_113.nasl |
2012-07-26 | Name : Mandriva Update for libgdata MDVSA-2012:111 (libgdata) File : nvt/gb_mandriva_MDVSA_2012_111.nasl |
2012-06-22 | Name : Fedora Update for arpwatch FEDORA-2012-8675 File : nvt/gb_fedora_2012_8675_arpwatch_fc16.nasl |
2012-06-22 | Name : Fedora Update for arpwatch FEDORA-2012-8702 File : nvt/gb_fedora_2012_8702_arpwatch_fc15.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-07-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-16.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-381.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-439.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-030.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_arpwatch-120718.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-111.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2012-113.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1547-1.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201208-06.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2481.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2482.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8675.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8677.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8702.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:31:07 |
|