Mandriva Update For Mono MDVSA-2008:210 (mono) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue.

Affected

mono on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-3906

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:039 (gedit)
Mandrake Security Advisory MDVSA-2009:011 (virtualbox)
Mandrake Security Advisory MDVSA-2009:079 (postgresql)
Mandrake Security Advisory MDVSA-2009:174 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:102 (apache)

Mandriva Update for mono MDVSA-2008:210 (mono)

Take action and discover your vulnerabilities