Oracle Solaris Third-Party Patch Update : django (multiple_vulnerabilities_in_django)

critical Nessus Plugin ID 80600

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a 'dotted Python path.' (CVE-2014-0472)

- The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. (CVE-2014-0473)

- The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to 'MySQL typecasting.' (CVE-2014-0474)

Solution

Upgrade to Solaris 11.2.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?d3dc731d

Plugin Details

Severity: Critical

ID: 80600

File Name: solaris11_django_20140731.nasl

Version: 1.4

Type: local

Published: 1/19/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.2, p-cpe:/a:oracle:solaris:django

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 7/31/2014

Reference Information

CVE: CVE-2014-0472, CVE-2014-0473, CVE-2014-0474