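Debian DLA-376-1: mono security update

medium Nessus Plugin ID 87682

Synopsis

The remote Debian host is missing a security update.

Description

Mono's string-to-double parser may crash on specially crafted input.
This could theoretically lead to arbitrary code execution.

This issue has been fixed in Debian 6 Squeeze in mono version 2.6.7-5.1+deb6u2. We recommend that you upgrade your mono packages.

Note: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also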

https://lists.debian.org/debian-lts-announce/2015/12/msg00018.html

https://packages.debian.org/source/squeeze-lts/mono

Plugin Details

Severity: Medium

ID: 87682

File Name: debian_DLA-376.nasl

Version: 2.8

Type: local

Agent: unix

Published: 2016/1/4

Updated: 2021/1/11

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libmono-system-web2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system2.0-cil, p-cpe:/a:debian:debian_linux:libmono-tasklets2.0-cil, p-cpe:/a:debian:debian_linux:libmono-wcf3.0-cil, p-cpe:/a:debian:debian_linux:libmono-webbrowser0.5-cil, p-cpe:/a:debian:debian_linux:libmono-windowsbase3.0-cil, p-cpe:/a:debian:debian_linux:libmono-winforms1.0-cil, p-cpe:/a:debian:debian_linux:libmono-winforms2.0-cil, p-cpe:/a:debian:debian_linux:libmono0, p-cpe:/a:debian:debian_linux:libmono0-dbg, p-cpe:/a:debian:debian_linux:libmono1.0-cil, p-cpe:/a:debian:debian_linux:libmono2.0-cil, p-cpe:/a:debian:debian_linux:mono-1.0-devel, p-cpe:/a:debian:debian_linux:mono-1.0-gac, p-cpe:/a:debian:debian_linux:mono-1.0-service, p-cpe:/a:debian:debian_linux:mono-2.0-devel, p-cpe:/a:debian:debian_linux:mono-2.0-gac, p-cpe:/a:debian:debian_linux:libmono-accessibility1.0-cil, p-cpe:/a:debian:debian_linux:libmono-accessibility2.0-cil, p-cpe:/a:debian:debian_linux:libmono-bytefx0.7.6.1-cil, p-cpe:/a:debian:debian_linux:libmono-bytefx0.7.6.2-cil, p-cpe:/a:debian:debian_linux:libmono-c5-1.1-cil, p-cpe:/a:debian:debian_linux:libmono-cairo1.0-cil, p-cpe:/a:debian:debian_linux:libmono-cairo2.0-cil, p-cpe:/a:debian:debian_linux:libmono-cecil-private-cil, p-cpe:/a:debian:debian_linux:libmono-cil-dev, p-cpe:/a:debian:debian_linux:libmono-corlib1.0-cil, p-cpe:/a:debian:debian_linux:libmono-corlib2.0-cil, p-cpe:/a:debian:debian_linux:libmono-cscompmgd7.0-cil, p-cpe:/a:debian:debian_linux:libmono-cscompmgd8.0-cil, p-cpe:/a:debian:debian_linux:libmono-data-tds1.0-cil, p-cpe:/a:debian:debian_linux:libmono-data-tds2.0-cil, p-cpe:/a:debian:debian_linux:libmono-data1.0-cil, p-cpe:/a:debian:debian_linux:libmono-data2.0-cil, p-cpe:/a:debian:debian_linux:libmono-db2-1.0-cil, p-cpe:/a:debian:debian_linux:libmono-debugger-soft0.0-cil, p-cpe:/a:debian:debian_linux:libmono-dev, p-cpe:/a:debian:debian_linux:libmono-firebirdsql1.7-cil, 
p-cpe:/a:debian:debian_linux:libmono-getoptions1.0-cil, p-cpe:/a:debian:debian_linux:libmono-getoptions2.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n-west1.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n-west2.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n1.0-cil, p-cpe:/a:debian:debian_linux:libmono-i18n2.0-cil, p-cpe:/a:debian:debian_linux:libmono-ldap1.0-cil, p-cpe:/a:debian:debian_linux:libmono-ldap2.0-cil, p-cpe:/a:debian:debian_linux:libmono-management2.0-cil, p-cpe:/a:debian:debian_linux:libmono-messaging-rabbitmq2.0-cil, p-cpe:/a:debian:debian_linux:libmono-messaging2.0-cil, p-cpe:/a:debian:debian_linux:libmono-microsoft-build2.0-cil, p-cpe:/a:debian:debian_linux:libmono-microsoft7.0-cil, p-cpe:/a:debian:debian_linux:libmono-microsoft8.0-cil, p-cpe:/a:debian:debian_linux:libmono-npgsql1.0-cil, p-cpe:/a:debian:debian_linux:libmono-npgsql2.0-cil, p-cpe:/a:debian:debian_linux:libmono-oracle1.0-cil, p-cpe:/a:debian:debian_linux:libmono-oracle2.0-cil, p-cpe:/a:debian:debian_linux:libmono-peapi1.0-cil, p-cpe:/a:debian:debian_linux:libmono-peapi2.0-cil, p-cpe:/a:debian:debian_linux:libmono-posix1.0-cil, p-cpe:/a:debian:debian_linux:libmono-posix2.0-cil, p-cpe:/a:debian:debian_linux:libmono-profiler, p-cpe:/a:debian:debian_linux:libmono-rabbitmq2.0-cil, p-cpe:/a:debian:debian_linux:libmono-relaxng1.0-cil, p-cpe:/a:debian:debian_linux:libmono-relaxng2.0-cil, p-cpe:/a:debian:debian_linux:libmono-security1.0-cil, p-cpe:/a:debian:debian_linux:libmono-security2.0-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip0.6-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip0.84-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip2.6-cil, p-cpe:/a:debian:debian_linux:libmono-sharpzip2.84-cil, p-cpe:/a:debian:debian_linux:libmono-simd2.0-cil, p-cpe:/a:debian:debian_linux:libmono-sqlite1.0-cil, p-cpe:/a:debian:debian_linux:libmono-sqlite2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-data-linq2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-data1.0-cil, 
p-cpe:/a:debian:debian_linux:libmono-system-data2.0-cil, p-cpe:/a:debian:debian_linux:mono-2.0-service, p-cpe:/a:debian:debian_linux:mono-complete, p-cpe:/a:debian:debian_linux:mono-csharp-shell, p-cpe:/a:debian:debian_linux:mono-dbg, p-cpe:/a:debian:debian_linux:mono-devel, p-cpe:/a:debian:debian_linux:mono-gac, p-cpe:/a:debian:debian_linux:mono-gmcs, p-cpe:/a:debian:debian_linux:mono-jay, p-cpe:/a:debian:debian_linux:mono-mcs, p-cpe:/a:debian:debian_linux:mono-mjs, p-cpe:/a:debian:debian_linux:mono-runtime, p-cpe:/a:debian:debian_linux:mono-runtime-dbg, p-cpe:/a:debian:debian_linux:mono-utils, p-cpe:/a:debian:debian_linux:mono-xbuild, p-cpe:/a:debian:debian_linux:monodoc-base, p-cpe:/a:debian:debian_linux:monodoc-manual, p-cpe:/a:debian:debian_linux:prj2make-sharp, cpe:/o:debian:debian_linux:6.0, p-cpe:/a:debian:debian_linux:libmono-system-ldap1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-ldap2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-messaging1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-messaging2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-runtime1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-runtime2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-web-mvc1.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-web-mvc2.0-cil, p-cpe:/a:debian:debian_linux:libmono-system-web1.0-cil

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/12/30

Reference Information

CVE: CVE-2009-0689

BID: 35510, 36565, 36851, 37078, 37080, 37687, 37688

CWE: 119