FreeBSD : roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Roundcube reports :

Roundcube Webmail allows arbitrary password resets by authenticated
users. The problem is caused by an improperly restricted exec call in
the virtualmin and sasl drivers of the password plugin.

See also :

http://www.nessus.org/u?6be9ef57
http://www.nessus.org/u?7e9d9aac

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100737

Bugtraq ID:

CVE ID: CVE-2017-8114
