Lucene search
Copyright (C) 2009 E-Soft Inc.OPENVAS:136141256231064841HistorySep 15, 2009 - 12:00 a.m.
Mandrake Security Advisory MDVSA-2009:228 (libneon)
2009-09-1500:00:00
Copyright (C) 2009 E-Soft Inc.
plugins.openvas.org
11
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.1%
The remote host is missing an update to libneon
announced via advisory MDVSA-2009:228.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64841");
script_version("2024-02-15T05:05:39+0000");
script_tag(name:"last_modification", value:"2024-02-15 05:05:39 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"creation_date", value:"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)");
script_cve_id("CVE-2009-2408", "CVE-2009-2474");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-02-14 17:21:52 +0000 (Wed, 14 Feb 2024)");
script_name("Mandrake Security Advisory MDVSA-2009:228 (libneon)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/rpms", re:"ssh/login/release=MNDK_(2008\.1|2009\.0|2009\.1|3\.0|4\.0|mes5|2\.0)");
script_tag(name:"insight", value:"A vulnerability has been found and corrected in neon:
neon before 0.28.6, when OpenSSL is used, does not properly handle
a '\0' character in a domain name in the subject's Common Name
(CN) field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408. (CVE-2009-2474)
This update provides a solution to this vulnerability.
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0");
script_tag(name:"solution", value:"To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:228");
script_tag(name:"summary", value:"The remote host is missing an update to libneon
announced via advisory MDVSA-2009:228.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"libneon0.24", rpm:"libneon0.24~0.24.7~21.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-devel", rpm:"libneon0.24-devel~0.24.7~21.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-static-devel", rpm:"libneon0.24-static-devel~0.24.7~21.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26", rpm:"libneon0.26~0.26.4~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-devel", rpm:"libneon0.26-devel~0.26.4~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-static-devel", rpm:"libneon0.26-static-devel~0.26.4~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24", rpm:"lib64neon0.24~0.24.7~21.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24-devel", rpm:"lib64neon0.24-devel~0.24.7~21.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24-static-devel", rpm:"lib64neon0.24-static-devel~0.24.7~21.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26", rpm:"lib64neon0.26~0.26.4~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-devel", rpm:"lib64neon0.26-devel~0.26.4~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-static-devel", rpm:"lib64neon0.26-static-devel~0.26.4~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26", rpm:"libneon0.26~0.26.4~6.2mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-devel", rpm:"libneon0.26-devel~0.26.4~6.2mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-static-devel", rpm:"libneon0.26-static-devel~0.26.4~6.2mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26", rpm:"lib64neon0.26~0.26.4~6.2mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-devel", rpm:"lib64neon0.26-devel~0.26.4~6.2mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-static-devel", rpm:"lib64neon0.26-static-devel~0.26.4~6.2mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26", rpm:"libneon0.26~0.26.4~6.2mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-devel", rpm:"libneon0.26-devel~0.26.4~6.2mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-static-devel", rpm:"libneon0.26-static-devel~0.26.4~6.2mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26", rpm:"lib64neon0.26~0.26.4~6.2mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-devel", rpm:"lib64neon0.26-devel~0.26.4~6.2mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-static-devel", rpm:"lib64neon0.26-static-devel~0.26.4~6.2mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24", rpm:"libneon0.24~0.24.7~1.1.101mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-devel", rpm:"libneon0.24-devel~0.24.7~1.1.101mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-static-devel", rpm:"libneon0.24-static-devel~0.24.7~1.1.101mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24", rpm:"lib64neon0.24~0.24.7~1.1.101mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24-devel", rpm:"lib64neon0.24-devel~0.24.7~1.1.101mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24-static-devel", rpm:"lib64neon0.24-static-devel~0.24.7~1.1.101mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24", rpm:"libneon0.24~0.24.7~12.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-devel", rpm:"libneon0.24-devel~0.24.7~12.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-static-devel", rpm:"libneon0.24-static-devel~0.24.7~12.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.25", rpm:"libneon0.25~0.25.1~3.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.25-devel", rpm:"libneon0.25-devel~0.25.1~3.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.25-static-devel", rpm:"libneon0.25-static-devel~0.25.1~3.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24", rpm:"lib64neon0.24~0.24.7~12.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24-devel", rpm:"lib64neon0.24-devel~0.24.7~12.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.24-static-devel", rpm:"lib64neon0.24-static-devel~0.24.7~12.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.25", rpm:"lib64neon0.25~0.25.1~3.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.25-devel", rpm:"lib64neon0.25-devel~0.25.1~3.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.25-static-devel", rpm:"lib64neon0.25-static-devel~0.25.1~3.1mdk", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26", rpm:"libneon0.26~0.26.4~6.2mdvmes5", rls:"MNDK_mes5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-devel", rpm:"libneon0.26-devel~0.26.4~6.2mdvmes5", rls:"MNDK_mes5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.26-static-devel", rpm:"libneon0.26-static-devel~0.26.4~6.2mdvmes5", rls:"MNDK_mes5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26", rpm:"lib64neon0.26~0.26.4~6.2mdvmes5", rls:"MNDK_mes5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-devel", rpm:"lib64neon0.26-devel~0.26.4~6.2mdvmes5", rls:"MNDK_mes5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64neon0.26-static-devel", rpm:"lib64neon0.26-static-devel~0.26.4~6.2mdvmes5", rls:"MNDK_mes5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24", rpm:"libneon0.24~0.24.7~1.1.101mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-devel", rpm:"libneon0.24-devel~0.24.7~1.1.101mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libneon0.24-static-devel", rpm:"libneon0.24-static-devel~0.24.7~1.1.101mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
Related
prion
prion
Design/Logic Flaw
2009-08-21 17:30:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2009-09-02 17:30:00
cve
cve
openvas
openvas
Mandriva Security Advisory MDVSA-2009:315 (libneon)
2009-12-10 00:00:00
Mandrake Security Advisory MDVSA-2009:228 (libneon)
2009-09-15 00:00:00
Mandriva Security Advisory MDVSA-2009:315 (libneon)
2009-12-10 00:00:00
ubuntucve
ubuntucve
nessus
nessus
Mandriva Linux Security Advisory : libneon (MDVSA-2009:315)
2009-12-07 00:00:00
Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)
2009-08-25 00:00:00
openSUSE Security Update : mutt (mutt-1298)
2009-09-22 00:00:00
debiancve
debiancve
securityvulns
securityvulns
[ MDVSA-2009:221 ] libneon0.27
2009-08-25 00:00:00
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
libneon certificate spoofing
2009-08-25 00:00:00
exploitdb
exploitdb
mozilla
mozilla
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
seebug
seebug
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
oraclelinux
oraclelinux
neon security update
2009-09-21 00:00:00
redhat
redhat
(RHSA-2009:1452) Moderate: neon security update
2009-09-21 00:00:00
centos
centos
neon security update
2009-09-22 13:46:23
ubuntu
ubuntu
neon vulnerabilities
2009-09-21 00:00:00
f5
f5
SOL15683 - Ruby vulnerability CVE-2013-4073
2014-10-09 00:00:00
SOL15638 - Python vulnerability CVE-2013-4238
2014-09-29 00:00:00
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
amazon
amazon
Medium: python27
2013-09-04 13:31:00
debian
debian
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:30:08
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:06:44
talos
talos
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
2017-04-28 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.1%
Related for OPENVAS:136141256231064841