Ubuntu Security Notice (C) 2009-2014 Canonical, Inc. / NASL script (C) 2009-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that the XML HMAC signature system did not correctly
check certain lengths. If an attacker sent a truncated HMAC, it could
bypass authentication, leading to potential privilege escalation.
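The length check this item refers to can be illustrated with the following added example, which is not Mono's code and not part of the original notice. It contrasts a verifier that trusts a sender-declared HMAC truncation length with one that enforces the floor from the W3C XML Signature recommendation (at least 80 bits and at least half the hash output); the function names, key and sample data are assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Floor on a declared truncation length, in bits. The rule applied below
# (at least 80 bits and at least half of the hash output) follows the
# W3C XML Signature recommendation; the names here are hypothetical.
MIN_ABSOLUTE_BITS = 80

def verify_naive(key, data, tag, declared_bits, digest="sha1"):
    """Flawed pattern: trusts the sender-declared length with no floor."""
    full = hmac.new(key, data, digest).digest()
    n = declared_bits // 8
    return hmac.compare_digest(full[:n], tag[:n])

def verify_strict(key, data, tag, declared_bits=None, digest="sha1"):
    """Rejects short or inconsistent truncation lengths before comparing."""
    full = hmac.new(key, data, digest).digest()
    full_bits = len(full) * 8
    bits = full_bits if declared_bits is None else declared_bits
    if bits % 8 or bits > full_bits:
        return False                      # malformed length
    if bits < max(MIN_ABSOLUTE_BITS, full_bits // 2):
        return False                      # truncation below the floor
    if len(tag) * 8 != bits:
        return False                      # tag does not match declared length
    return hmac.compare_digest(full[: bits // 8], tag)

def demo():
    # Constructed key and message, for illustration only.
    key = b"constructed-demo-key"
    data = b"<SignedInfo>constructed sample</SignedInfo>"
    full = hmac.new(key, data, "sha1").digest()
    return {
        # Only 8 bits of the MAC are compared, so almost no authentication remains.
        "naive_8bit": verify_naive(key, data, full[:1], 8),
        "strict_8bit": verify_strict(key, data, full[:1], 8),
        "strict_80bit": verify_strict(key, data, full[:10], 80),
        "strict_full": verify_strict(key, data, full),
    }

if __name__ == "__main__":
    print(demo())
```
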
It was discovered that Mono did not properly escape certain attributes
in the ASP.net class libraries which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal
confidential data (such as passwords), within the same domain. This
issue only affected Ubuntu 8.04 LTS. (CVE-2008-3422)
It was discovered that Mono did not properly filter CRLF injections in
the query string. If a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, steal confidential data (such as passwords),
or perform cross-site request forgeries. This issue only affected
Ubuntu 8.04 LTS. (CVE-2008-3906).
Update the affected packages.
Risk factor: Medium
CVSS Base Score: 5.0
CVSS Temporal Score: 4.3
Public Exploit Available: true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 40794
Bugtraq ID: 35671
CVE ID: CVE-2008-3422, CVE-2008-3906, CVE-2009-0217