Detections
Analytics
Mandriva Linux Security Advisory : mono (MDVSA-2008:210-1)
medium Nessus Plugin ID 37751
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.The updated packages have been patched to fix the issue.
Update :
This update was too late for inclusion in Mandriva Linux 2009, so it is being released now for that version.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 37751
File Name: mandriva_MDVSA-2008-210.nasl
Version: 1.13
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:jay, p-cpe:/a:mandriva:linux:lib64mono-devel, p-cpe:/a:mandriva:linux:lib64mono0, p-cpe:/a:mandriva:linux:libmono-devel, p-cpe:/a:mandriva:linux:libmono0, p-cpe:/a:mandriva:linux:mono, p-cpe:/a:mandriva:linux:mono-bytefx-data-mysql, p-cpe:/a:mandriva:linux:mono-data, p-cpe:/a:mandriva:linux:mono-data-firebird, p-cpe:/a:mandriva:linux:mono-data-oracle, p-cpe:/a:mandriva:linux:mono-data-postgresql, p-cpe:/a:mandriva:linux:mono-data-sqlite, p-cpe:/a:mandriva:linux:mono-data-sybase, p-cpe:/a:mandriva:linux:mono-doc, p-cpe:/a:mandriva:linux:mono-extras, p-cpe:/a:mandriva:linux:mono-ibm-data-db2, p-cpe:/a:mandriva:linux:mono-jscript, p-cpe:/a:mandriva:linux:mono-locale-extras, p-cpe:/a:mandriva:linux:mono-nunit, p-cpe:/a:mandriva:linux:mono-web, p-cpe:/a:mandriva:linux:mono-winforms, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 10/11/2008
Reference Information
CVE: CVE-2008-3906
CWE: 20
MDVSA: 2008:210-1