Mandrake Security Advisory MDVSA-2009:269 (mono) Network Vulnerability

Summary

The remote host is missing an update to mono announced via advisory MDVSA-2009:269.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:269

Insight

A vulnerability has been found and corrected in mono: The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes this vulnerability. Affected: 2009.1

Severity

Classification

CVE CVE-2009-0217
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)
Mandrake Security Advisory MDVSA-2009:105 (memcached)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
Mandrake Security Advisory MDVSA-2009:069 (curl)

Take action and discover your vulnerabilities