oval:org.mitre.oval:def:13477

Definition Id: oval:org.mitre.oval:def:13477

Oval ID:	oval:org.mitre.oval:def:13477
Title:	DSA-1869-1 curl -- insufficient input validation
Description:	It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. For the oldstable distribution, this problem has been fixed in version 7.15.5-1etch3. For the stable distribution, this problem has been fixed in version 7.18.2-8lenny3. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your curl packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1869-1 CVE-2009-2417	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	curl
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section libcurl4-gnutls-dev DPKG is earlier than 7.18.2-8lenny3 AND libcurl4-openssl-dev DPKG is earlier than 7.18.2-8lenny3 AND libcurl3-gnutls DPKG is earlier than 7.18.2-8lenny3 AND libcurl3-dbg DPKG is earlier than 7.18.2-8lenny3 AND libcurl3 DPKG is earlier than 7.18.2-8lenny3 AND curl DPKG is earlier than 7.18.2-8lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libcurl3-dev DPKG is earlier than 7.15.5-1etch3 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section libcurl3-gnutls DPKG is earlier than 7.15.5-1etch3 AND libcurl3-dbg DPKG is earlier than 7.15.5-1etch3 AND libcurl3-gnutls-dev DPKG is earlier than 7.15.5-1etch3 AND libcurl3 DPKG is earlier than 7.15.5-1etch3 AND curl DPKG is earlier than 7.15.5-1etch3 AND libcurl3-openssl-dev DPKG is earlier than 7.15.5-1etch3

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:13477

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:13477

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0303s

Facebook rss twitter linkedin mail