Lucene search

Gentoo FoundationMGASA-2013-0262

HistoryAug 30, 2013 - 9:19 p.m.

Updated nagstamon package fixes security vulnerability

2013-08-3021:19:33

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper (base64 encoding-based) encoding in the HTTP request, when the HTTP Basic authentication scheme was used (CVE-2013-4114).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchnagstamon< 0.9.9-1.2nagstamon-0.9.9-1.2.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	nagstamon	< 0.9.9-1.2	nagstamon-0.9.9-1.2.mga3

References

bugs.mageia.org/show_bug.cgi?id=10779

lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for MGASA-2013-0262