FreeBSD : twiki -- multiple file extensions file upload vulnerability (a876df84-0fef-11db-ac96-000c6ec775d9)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A TWiki Security Alert reports :

The TWiki upload filter already prevents executable scripts such as
.php, .php1, .phps, .pl from potentially getting executed by appending
a .txt suffix to the uploaded filename. However, PHP and some other
types allows additional file suffixes, such as .php.en, .php.1, and
.php.2. TWiki does not check for these suffixes, e.g. it is possible
to upload php scripts with such suffixes without the .txt filename
padding.

This issue can also be worked around with a restrictive web server
configuration. See the

TWiki Security Alert for more information about how to do this.

See also :

http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads
http://www.nessus.org/u?873303ae

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22007 (freebsd_pkg_a876df840fef11dbac96000c6ec775d9.nasl)

Bugtraq ID: 18854

CVE ID: CVE-2006-3336

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now