CVE-2014-0166
CVSS6.4
发布时间 :2014-04-09 20:55:09
修订时间 :2017-12-15 21:29:03
NMCP    

[原文]The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.


[CNNVD]WordPress 授权问题漏洞(CNNVD-201404-111)

        

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。

WordPress 3.7.1及之前版本和3.8.2之前的3.8.x版本的wp-includes/pluggable.php文件中的‘wp_validate_auth_cookie’函数存在授权问题漏洞,该漏洞源于程序没有正确验证授权Cookies的有效性。远程攻击者可借助伪造的Cookies利用该漏洞获取访问权限。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-287 [认证机制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:wordpress:wordpress:0.71WordPress 0.71
cpe:/a:wordpress:wordpress:1.0WordPress 1.0
cpe:/a:wordpress:wordpress:1.0.1WordPress 1.0.1
cpe:/a:wordpress:wordpress:1.0.2WordPress 1.0.2
cpe:/a:wordpress:wordpress:1.1.1WordPress 1.1.1
cpe:/a:wordpress:wordpress:1.2WordPress 1.2
cpe:/a:wordpress:wordpress:1.2.1WordPress 1.2.1
cpe:/a:wordpress:wordpress:1.2.2WordPress 1.2.2
cpe:/a:wordpress:wordpress:1.2.3WordPress 1.2.3
cpe:/a:wordpress:wordpress:1.2.4WordPress 1.2.4
cpe:/a:wordpress:wordpress:1.2.5WordPress 1.2.5
cpe:/a:wordpress:wordpress:1.2.5:aWordPress 1.2.5:a
cpe:/a:wordpress:wordpress:1.3WordPress 1.3
cpe:/a:wordpress:wordpress:1.3.2WordPress 1.3.2
cpe:/a:wordpress:wordpress:1.3.3WordPress 1.3.3
cpe:/a:wordpress:wordpress:1.5WordPress 1.5
cpe:/a:wordpress:wordpress:1.5.1WordPress 1.5.1
cpe:/a:wordpress:wordpress:1.5.1.1WordPress 1.5.1.1
cpe:/a:wordpress:wordpress:1.5.1.2WordPress 1.5.1.2
cpe:/a:wordpress:wordpress:1.5.1.3WordPress 1.5.1.3
cpe:/a:wordpress:wordpress:1.5.2WordPress 1.5.2
cpe:/a:wordpress:wordpress:1.6.2WordPress 1.6.2
cpe:/a:wordpress:wordpress:2.0WordPress 2.0
cpe:/a:wordpress:wordpress:2.0.1WordPress 2.0.1
cpe:/a:wordpress:wordpress:2.0.2WordPress 2.0.2
cpe:/a:wordpress:wordpress:2.0.4WordPress 2.0.4
cpe:/a:wordpress:wordpress:2.0.5WordPress 2.0.5
cpe:/a:wordpress:wordpress:2.0.6WordPress 2.0.6
cpe:/a:wordpress:wordpress:2.0.7WordPress 2.0.7
cpe:/a:wordpress:wordpress:2.0.8WordPress 2.0.8
cpe:/a:wordpress:wordpress:2.0.9WordPress 2.0.9
cpe:/a:wordpress:wordpress:2.0.10WordPress 2.0.10
cpe:/a:wordpress:wordpress:2.0.11WordPress 2.0.11
cpe:/a:wordpress:wordpress:2.1WordPress 2.1
cpe:/a:wordpress:wordpress:2.1.1WordPress 2.1.1
cpe:/a:wordpress:wordpress:2.1.2WordPress 2.1.2
cpe:/a:wordpress:wordpress:2.1.3WordPress 2.1.3
cpe:/a:wordpress:wordpress:2.2WordPress 2.2
cpe:/a:wordpress:wordpress:2.2.1WordPress 2.2.1
cpe:/a:wordpress:wordpress:2.2.2WordPress 2.2.2
cpe:/a:wordpress:wordpress:2.2.3WordPress 2.2.3
cpe:/a:wordpress:wordpress:2.3WordPress 2.3
cpe:/a:wordpress:wordpress:2.3.1WordPress 2.3.1
cpe:/a:wordpress:wordpress:2.3.2WordPress 2.3.2
cpe:/a:wordpress:wordpress:2.3.3WordPress 2.3.3
cpe:/a:wordpress:wordpress:2.5WordPress 2.5
cpe:/a:wordpress:wordpress:2.5.1WordPress 2.5.1
cpe:/a:wordpress:wordpress:2.6WordPress 2.6
cpe:/a:wordpress:wordpress:2.6.1WordPress 2.6.1
cpe:/a:wordpress:wordpress:2.6.2WordPress 2.6.2
cpe:/a:wordpress:wordpress:2.6.3WordPress 2.6.3
cpe:/a:wordpress:wordpress:2.6.5WordPress 2.6.5
cpe:/a:wordpress:wordpress:2.7WordPress 2.7
cpe:/a:wordpress:wordpress:2.7.1WordPress 2.7.1
cpe:/a:wordpress:wordpress:2.8WordPress 2.8
cpe:/a:wordpress:wordpress:2.8.1WordPress 2.8.1
cpe:/a:wordpress:wordpress:2.8.2WordPress 2.8.2
cpe:/a:wordpress:wordpress:2.8.3WordPress 2.8.3
cpe:/a:wordpress:wordpress:2.8.4WordPress 2.8.4
cpe:/a:wordpress:wordpress:2.8.4:aWordPress 2.8.4:a
cpe:/a:wordpress:wordpress:2.8.5WordPress 2.8.5
cpe:/a:wordpress:wordpress:2.8.5.1WordPress 2.8.5.1
cpe:/a:wordpress:wordpress:2.8.5.2WordPress 2.8.5.2
cpe:/a:wordpress:wordpress:2.8.6WordPress 2.8.6
cpe:/a:wordpress:wordpress:2.9WordPress 2.9
cpe:/a:wordpress:wordpress:2.9.1WordPress 2.9.1
cpe:/a:wordpress:wordpress:2.9.1.1WordPress 2.9.1.1
cpe:/a:wordpress:wordpress:2.9.2WordPress 2.9.2
cpe:/a:wordpress:wordpress:3.0WordPress 3.0
cpe:/a:wordpress:wordpress:3.0.1WordPress 3.0.1
cpe:/a:wordpress:wordpress:3.0.2WordPress 3.0.2
cpe:/a:wordpress:wordpress:3.0.3WordPress 3.0.3
cpe:/a:wordpress:wordpress:3.0.4WordPress 3.0.4
cpe:/a:wordpress:wordpress:3.0.5WordPress 3.0.5
cpe:/a:wordpress:wordpress:3.0.6WordPress 3.0.6
cpe:/a:wordpress:wordpress:3.1WordPress 3.1
cpe:/a:wordpress:wordpress:3.1.1WordPress 3.1.1
cpe:/a:wordpress:wordpress:3.1.2WordPress 3.1.2
cpe:/a:wordpress:wordpress:3.1.3WordPress 3.1.3
cpe:/a:wordpress:wordpress:3.1.4WordPress 3.1.4
cpe:/a:wordpress:wordpress:3.2WordPress 3.2
cpe:/a:wordpress:wordpress:3.2:beta1WordPress 3.2 Beta 1
cpe:/a:wordpress:wordpress:3.2.1WordPress 3.2.1
cpe:/a:wordpress:wordpress:3.3WordPress 3.3
cpe:/a:wordpress:wordpress:3.3.1WordPress 3.3.1
cpe:/a:wordpress:wordpress:3.3.2WordPress 3.3.2
cpe:/a:wordpress:wordpress:3.3.3WordPress 3.3.3
cpe:/a:wordpress:wordpress:3.4.0WordPress 3.4.0
cpe:/a:wordpress:wordpress:3.4.1WordPress 3.4.1
cpe:/a:wordpress:wordpress:3.4.2WordPress 3.4.2
cpe:/a:wordpress:wordpress:3.5.0WordPress 3.5.0
cpe:/a:wordpress:wordpress:3.5.1WordPress 3.5.1
cpe:/a:wordpress:wordpress:3.6
cpe:/a:wordpress:wordpress:3.6.1
cpe:/a:wordpress:wordpress:3.7
cpe:/a:wordpress:wordpress:3.7.1
cpe:/a:wordpress:wordpress:3.8
cpe:/a:wordpress:wordpress:3.8.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0166
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201404-111
(官方数据源) CNNVD

- 其它链接及资源

http://codex.wordpress.org/Version_3.7.2
(VENDOR_ADVISORY)  CONFIRM  http://codex.wordpress.org/Version_3.7.2
http://codex.wordpress.org/Version_3.8.2
(VENDOR_ADVISORY)  CONFIRM  http://codex.wordpress.org/Version_3.8.2
http://core.trac.wordpress.org/changeset/28054
(UNKNOWN)  CONFIRM  http://core.trac.wordpress.org/changeset/28054
http://www.debian.org/security/2014/dsa-2901
(UNKNOWN)  DEBIAN  DSA-2901
https://bugzilla.redhat.com/show_bug.cgi?id=1085858
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=1085858

- 漏洞信息

WordPress 授权问题漏洞
中危 授权问题
2014-04-11 00:00:00 2014-04-11 00:00:00
远程  
        

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。

WordPress 3.7.1及之前版本和3.8.2之前的3.8.x版本的wp-includes/pluggable.php文件中的‘wp_validate_auth_cookie’函数存在授权问题漏洞,该漏洞源于程序没有正确验证授权Cookies的有效性。远程攻击者可借助伪造的Cookies利用该漏洞获取访问权限。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://codex.wordpress.org/Version_3.7.2
        http://codex.wordpress.org/Version_3.8.2

- 漏洞信息 (F126159)

Debian Security Advisory 2901-1 (PacketStormID:F126159)
2014-04-15 00:00:00
Debian  debian.org
advisory,web,vulnerability
linux,debian
CVE-2014-0165,CVE-2014-0166
[点击下载]

Debian Linux Security Advisory 2901-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 12, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2014-0165 CVE-2014-0166
Debian Bug     : 744018

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2014-0165

    A user with a contributor role, using a specially crafted
    request, can publish posts, which is reserved for users of the
    next-higher role.

CVE-2014-0166

    Jon Cave of the WordPress security team discovered that the
    wp_validate_auth_cookie function in wp-includes/pluggable.php does
    not properly determine the validity of authentication cookies,
    allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), these problems have been fixed
in version 3.6.1+dfsg-1~deb6u2.

For the stable distribution (wheezy), these problems have been fixed in
version 3.6.1+dfsg-1~deb7u2.

For the testing distribution (jessie), these problems have been fixed in
version 3.8.2+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.8.2+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTSaAGAAoJEAVMuPMTQ89E16kP/1qPSwTsXOAOcRW0si9TILJQ
dJfqgQNhaUom4c0Z1+OtGVV7i0APlznGFCK2xX3KVyAGP9OWKbc+jiYAkGYmMskh
5+Vk4La4g8qrDQjc3D82q+dW8KgO8oPPCVX6nF5FpPcliMykCs6Zlx+XcGtgBmTM
EnRs2fIA2dVWI/N1gV8+yOrYoU4ixUfWqUdI1qgn5r310JN0pVVYLPD/rwjUmj3w
/m2qM35tK0+cpSpPbN+P0KJSucVGRVvZKsMIJF+lbD9jM59Ig2GWgLFIti76C7Sz
D1kLb9lCUBFB/5qvRa76ljYLG/U1tQHNP8QqDddohHxm+nmyT6lMvFhYOH+TJBh/
Y6xFPaZLsLwQmz2T6z355C8itJhhdclU1gRmnNHHBCWe1LtJi52x8sLhotkSbN6T
nD/K6iv/gwOal4jgHjeLo9vkepbOWI6cZ3uZpxnZScfTS383LIFJ8DijCEnu5FPx
BJAb7HtQyYjCM5BJjzy0bP6b/EyHR49iuQ+WIAFhgiBkBqBON2q+ipGMgPs7EJBN
mc1TfO9IYBBJJYbep4UDho4wOYhzR6308PBm5kRWd6E7D+K5otJkKIsL76iTHDSc
846Mo9bi55jrRHSCMHwzqTKp1bj4PTsAlY//bYTevyye6zSfDxok6951k0qVMFSA
SV9zn6ftutk6v9J25cpr
=ewsD
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F126233)

Debian Security Advisory 2901-3 (PacketStormID:F126233)
2014-04-21 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2014-0165,CVE-2014-0166
[点击下载]

Debian Linux Security Advisory 2901-3 - The update of wordpress in DSA-2901-2 introduced a wrong versioned dependency on libjs-cropper, making the package uninstallable in the oldstable distribution (squeeze). This update corrects that problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-3                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 21, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2014-0165 CVE-2014-0166
Debian Bug     : 744018

The update of wordpress in DSA-2901-2 introduced a wrong versioned
dependency on libjs-cropper, making the package uninstallable in the
oldstable distribution (squeeze). This update corrects that problem.

For reference the original advisory text follows.

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2014-0165

    A user with a contributor role, using a specially crafted
    request, can publish posts, which is reserved for users of the
    next-higher role.

CVE-2014-0166

    Jon Cave of the WordPress security team discovered that the
    wp_validate_auth_cookie function in wp-includes/pluggable.php does
    not properly determine the validity of authentication cookies,
    allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), this problem has been fixed
in version 3.6.1+dfsg-1~deb6u4.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTVLUPAAoJEAVMuPMTQ89EqdwP/3ayqSSOrZAYJSJO4U39wvUz
+H9BnPCkXQmqB0jL1nh8VjDC6lm9FFcK+Nm04Kd2Ema1S2pjnmfj/rZ4ektKc2Bx
4gXX7NjfAGUt+cl+9Wl8KdUJ1a+N7jLkkRxNxEItQ9cradxMbsAHZl7+oLBcAjW2
l4Mj6eya8amumDHfVbe7a/+4ex1t6Jslk0EQPCRsDOrbXPHtctvzfX8LxBtfY/XH
/ZZhXW6VsGKaZ2AfuM+tilYbPjTMqdvnCL6YrfiGStftdvlywELJw7Hnb1x9p83A
E2FGcRsjCVuy2R5zvOcPIqJJG853t8wdRe3z+xfV/tONzUnuywa1GRm/c284d+Yx
Gs8nW8+dtujIwSeGdubLwEOBc7HHvhk4/UPQpc3T6ricaupp2k42oLhB5kP3D2e9
fwNTFjULFVzrf7kfA8imroOkOPI5C57UMOTHrjdjzlPFAQC2DiUJx2UTtz/i42Ck
HOay7x/0DSe5NrENdrVwZ558Z4PW8NBvrBPOrAXeJhdVzelfbpESaJoiM/lhUm0f
T0o8H6dESm6rUlhxLxZoowTtOzg/qeduSdU7mhSGYhKYLplMv5kCGCak3z23UVGK
CLWJsKVEf8lxOn/Rzd5z8o/wqrWqLf0uRF0xQrqCCzyplV9cZXNOz/oaIu64Ajo4
r5vIZoPqbIGSopbSOae2
=bnMQ
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F126231)

Debian Security Advisory 2901-2 (PacketStormID:F126231)
2014-04-21 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2014-0165,CVE-2014-0166
[点击下载]

Debian Linux Security Advisory 2901-2 - The update for wordpress in DSA 2901 caused a regression in the Quick Drafts functionality. This update corrects that problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
April 18, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2014-0165 CVE-2014-0166
Debian Bug     : 744018

The update for wordpress in DSA 2901 caused a regression in the Quick
Drafts functionality. This update corrects that problem. For reference,
the original advisory text follows.

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2014-0165

    A user with a contributor role, using a specially crafted
    request, can publish posts, which is reserved for users of the
    next-higher role.

CVE-2014-0166

    Jon Cave of the WordPress security team discovered that the
    wp_validate_auth_cookie function in wp-includes/pluggable.php does
    not properly determine the validity of authentication cookies,
    allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), these problems have been fixed
in version 3.6.1+dfsg-1~deb6u3.

For the stable distribution (wheezy), these problems have been fixed in
version 3.6.1+dfsg-1~deb7u3.

For the unstable distribution (sid), these problems have been fixed in
version 3.8.3+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJTUUW5AAoJEFb2GnlAHawEJ8IH/iOlbJYZl8Un7volzShJF8Mu
f4lLCVo9BpuR2XNisCUeqfvTWz6aklTX4hFNipff2m5XsbdgMcn9Pl1T/TnuCAln
TKNNSEy4dV86+kloq1Pu1ITPr3op1eBb4gzvzyOP4NuyBuQi2mihM9NqrrY93B4C
KgAndcQbuJ9EirquxS1qXH64cfUYjn20fhdy1jXVGPWg3wrBeyvyzRX+s9l3f2Il
f56w5EBVm7KIyxBmIkM0dILqhKKXofIzz9vj1U87+5Ot0UV/9ECDG0t6jFn+w8bV
hbC6wvzYjYeyQIzSXMee+Colu2IDuFDPLHcMmAEmOzZoXVwDB+jv0Vt3FpyatYU=
=oBlW
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F126665)

Mandriva Linux Security Advisory 2014-103 (PacketStormID:F126665)
2014-05-19 00:00:00
Mandriva  mandriva.com
advisory,remote,php,vulnerability
linux,mandriva
CVE-2014-0165,CVE-2014-0166
[点击下载]

Mandriva Linux Security Advisory 2014-103 - Multiple vulnerabilities have been discovered and corrected in WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. The updated packages have been patched to correct these issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:103
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wordpress
 Date    : May 16, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in
 wordpress:
 
 WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote
 authenticated users to publish posts by leveraging the
 Contributor role, related to wp-admin/includes/post.php and
 wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165).
 
 The wp_validate_auth_cookie function in wp-includes/pluggable.php
 in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly
 determine the validity of authentication cookies, which makes it
 easier for remote attackers to obtain access via a forged cookie
 (CVE-2014-0166).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0165
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 3de56437b02fb5220b3d127e8361c39b  mbs1/x86_64/wordpress-3.6.1-1.1.mbs1.noarch.rpm 
 ac6b0d39c7a95bcf40d799e64516e101  mbs1/SRPMS/wordpress-3.6.1-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTdipzmqjQ0CJFipgRAvULAJoD2sPtf65tuMG7FLPEgUXPU7BriwCgvea/
FlUwe0Pz/Jia93drgLl8oEg=
=RKuz
-----END PGP SIGNATURE-----
    
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站