FreeBSD : drupal -- multiple vulnerabilities (40a0185f-ec32-11da-be02-000c6ec775d9)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Drupal team reports :

Vulnerability: SQL injection

A security vulnerability in the database layer allowed certain queries
to be submitted to the database without going through Drupal's query
sanitizer.

Vulnerability: Execution of arbitrary files

Certain -- alas, typical -- configurations of Apache allow execution
of carefully named arbitrary scripts in the files directory. Drupal
now will attempt to automatically create a .htaccess file in your
'files' directory to protect you.

See also :

http://drupal.org/node/65357
http://drupal.org/node/65409
http://www.nessus.org/u?2e185138

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21647 (freebsd_pkg_40a0185fec3211dabe02000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2742, CVE-2006-2743
