Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59447
Category:Fedora Local Security Checks
Title:Fedora Core 6 FEDORA-2007-067 (mono)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mono
announced via advisory FEDORA-2007-067.

The Mono runtime implements a JIT engine for the ECMA CLI
virtual machine (as well as a byte code interpreter, the
class loader, the garbage collector, threading system and
metadata access libraries.

Update Information:

A security problem was found and fixed in mono class
libraries that affects the Mono web server implementation.

By appending spaces to URLs attackers could download the
source code of ASP.net scripts that would normally get
executed by the web server.

After upgrading the packages you need to restart any running
mono web server.
* Thu Jan 11 2007 Alexander Larsson - 1.1.17.1-4
- Add patches to fix CVE-2006-6104

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2007-067

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6104
BugTraq ID: 21687
http://www.securityfocus.com/bid/21687
Bugtraq: 20061220 Mono XSP ASP.NET Server sourcecode disclosure vulnerability (Google Search)
http://www.securityfocus.com/archive/1/454962/100/0/threaded
http://fedoranews.org/cms/node/2400
http://fedoranews.org/cms/node/2401
http://security.gentoo.org/glsa/glsa-200701-12.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:234
http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092
http://securitytracker.com/id?1017430
http://secunia.com/advisories/23432
http://secunia.com/advisories/23435
http://secunia.com/advisories/23462
http://secunia.com/advisories/23597
http://secunia.com/advisories/23727
http://secunia.com/advisories/23776
http://secunia.com/advisories/23779
http://securityreason.com/securityalert/2082
SuSE Security Announcement: SUSE-SA:2007:002 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html
http://www.ubuntu.com/usn/usn-397-1
http://www.vupen.com/english/advisories/2006/5099
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.