Debian DLA-376-1:mono 安全性更新
medium Nessus Plugin ID 87682
語系:
概要
遠端 Debian 主機缺少一個安全性更新。說明
使用特製輸入時,Mono 的字串至雙精準數剖析器可能會損毀。理論上此弱點可導致任意程式碼執行。
此問題已在 Debian 6 Squeeze 的 mono 2.6.7-5.1+deb6u2 版中修正。建議您升級 mono 套件。
注意:Tenable Network Security 已直接從 DLA 安全性公告擷取前置描述區塊。Tenable 已盡量在不造成其他問題的前提下,嘗試自動清理並將其格式化。
解決方案
升級受影響的套件。另請參閱
https://lists.debian.org/debian-lts-announce/2015/12/msg00018.html
Plugin 詳細資訊
嚴重性: Medium
ID: 87682
檔案名稱: debian_DLA-376.nasl
版本: 2.8
類型: local
代理程式: unix
已發布: 2016/1/4
已更新: 2021/1/11
支援的感應器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
風險資訊
VPR
風險因素: Medium
分數: 6.6
CVSS v2
風險因素: Medium
基本分數: 6.8
時間分數: 5.3
媒介: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
弱點資訊
CPE: p-cpe:/a:debian:debian_linux:libmono-system-web2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system2.0-cil, p-cpe:/a:debian:debian_linux:libmono-tasklets2.0-cil, p-cpe:/a:debian:debian_linux:libmono-wcf3.0-cil, p-cpe:/a:debian:debian_linux:libmono-webbrowser0.5-cil, p-cpe:/a:debian:debian_linux:libmono-windowsbase3.0-cil, p-cpe:/a:debian:debian_linux:libmono-winforms1.0-cil, p-cpe:/a:debian:debian_linux:libmono-winforms2.0-cil, p-cpe:/a:debian:debian_linux:libmono0, p-cpe:/a:debian:debian_linux:libmono0-dbg, p-cpe:/a:debian:debian_linux:libmono1.0-cil, p-cpe:/a:debian:debian_linux:libmono2.0-cil, p-cpe:/a:debian:debian_linux:mono-1.0-devel, p-cpe:/a:debian:debian_linux:mono-1.0-gac, p-cpe:/a:debian:debian_linux:mono-1.0-service, p-cpe:/a:debian:debian_linux:mono-2.0-devel, p-cpe:/a:debian:debian_linux:mono-2.0-gac, p-cpe:/a:debian:debian_linux:libmono-accessibility1.0-cil, p-cpe:/a:debian:debian_linux:libmono-accessibility2.0-cil, p-cpe:/a:debian:debian_linux:libmono-bytefx0.7.6.1-cil, p-cpe:/a:debian:debian_linux:libmono-bytefx0.7.6.2-cil, p-cpe:/a:debian:debian_linux:libmono-c5-1.1-cil, p-cpe:/a:debian:debian_linux:libmono-cairo1.0-cil, p-cpe:/a:debian:debian_linux:libmono-cairo2.0-cil, p-cpe:/a:debian:debian_linux:libmono-cecil-private-cil, p-cpe:/a:debian:debian_linux:libmono-cil-dev, p-cpe:/a:debian:debian_linux:libmono-corlib1.0-cil, p-cpe:/a:debian:debian_linux:libmono-corlib2.0-cil, p-cpe:/a:debian:debian_linux:libmono-cscompmgd7.0-cil, p-cpe:/a:debian:debian_linux:libmono-cscompmgd8.0-cil, p-cpe:/a:debian:debian_linux:libmono-data-tds1.0-cil, p-cpe:/a:debian:debian_linux:libmono-data-tds2.0-cil, p-cpe:/a:debian:debian_linux:libmono-data1.0-cil, p-cpe:/a:debian:debian_linux:libmono-data2.0-cil, p-cpe:/a:debian:debian_linux:libmono-db2-1.0-cil, p-cpe:/a:debian:debian_linux:libmono-debugger-soft0.0-cil, p-cpe:/a:debian:debian_linux:libmono-dev, p-cpe:/a:debian:debian_linux:libmono-firebirdsql1.7-cil, p-cpe:/a:debian:debian_linux:libmono-getoptions1.0-cil, p-cpe:/a:debian:debian_linux:libmono-getoptions2.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n-west1.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n-west2.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n1.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n2.0-cil, p-cpe:/a:debian:debian_linux:libmono-ldap1.0-cil, p-cpe:/a:debian:debian_linux:libmono-ldap2.0-cil, p-cpe:/a:debian:debian_linux:libmono-management2.0-cil, p-cpe:/a:debian:debian_linux:libmono-messaging-rabbitmq2.0-cil, p-cpe:/a:debian:debian_linux:libmono-messaging2.0-cil, p-cpe:/a:debian:debian_linux:libmono-microsoft-build2.0-cil, p-cpe:/a:debian:debian_linux:libmono-microsoft7.0-cil, p-cpe:/a:debian:debian_linux:libmono-microsoft8.0-cil, p-cpe:/a:debian:debian_linux:libmono-npgsql1.0-cil, p-cpe:/a:debian:debian_linux:libmono-npgsql2.0-cil, p-cpe:/a:debian:debian_linux:libmono-oracle1.0-cil, p-cpe:/a:debian:debian_linux:libmono-oracle2.0-cil, p-cpe:/a:debian:debian_linux:libmono-peapi1.0-cil, p-cpe:/a:debian:debian_linux:libmono-peapi2.0-cil, p-cpe:/a:debian:debian_linux:libmono-posix1.0-cil, p-cpe:/a:debian:debian_linux:libmono-posix2.0-cil, p-cpe:/a:debian:debian_linux:libmono-profiler, p-cpe:/a:debian:debian_linux:libmono-rabbitmq2.0-cil, p-cpe:/a:debian:debian_linux:libmono-relaxng1.0-cil, p-cpe:/a:debian:debian_linux:libmono-relaxng2.0-cil, p-cpe:/a:debian:debian_linux:libmono-security1.0-cil, p-cpe:/a:debian:debian_linux:libmono-security2.0-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip0.6-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip0.84-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip2.6-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip2.84-cil, p-cpe:/a:debian:debian_linux:libmono-simd2.0-cil, p-cpe:/a:debian:debian_linux:libmono-sqlite1.0-cil, p-cpe:/a:debian:debian_linux:libmono-sqlite2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-data-linq2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-data1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-data2.0-cil, p-cpe:/a:debian:debian_linux:mono-2.0-service, p-cpe:/a:debian:debian_linux:mono-complete, p-cpe:/a:debian:debian_linux:mono-csharp-shell, p-cpe:/a:debian:debian_linux:mono-dbg, p-cpe:/a:debian:debian_linux:mono-devel, p-cpe:/a:debian:debian_linux:mono-gac, p-cpe:/a:debian:debian_linux:mono-gmcs, p-cpe:/a:debian:debian_linux:mono-jay, p-cpe:/a:debian:debian_linux:mono-mcs, p-cpe:/a:debian:debian_linux:mono-mjs, p-cpe:/a:debian:debian_linux:mono-runtime, p-cpe:/a:debian:debian_linux:mono-runtime-dbg, p-cpe:/a:debian:debian_linux:mono-utils, p-cpe:/a:debian:debian_linux:mono-xbuild, p-cpe:/a:debian:debian_linux:monodoc-base, p-cpe:/a:debian:debian_linux:monodoc-manual, p-cpe:/a:debian:debian_linux:prj2make-sharp, cpe:/o:debian:debian_linux:6.0, p-cpe:/a:debian:debian_linux:libmono-system-ldap1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-ldap2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-messaging1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-messaging2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-runtime1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-runtime2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-web-mvc1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-web-mvc2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-web1.0-cil
必要的 KB 項目: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2015/12/30
參考資訊
CVE: CVE-2009-0689
BID: 35510, 36565, 36851, 37078, 37080, 37687, 37688
CWE: 119