FreeBSD : dokuwiki -- multiple vulnerabilities (fcba5764-506a-11db-a5ae-00508d6a62df)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Secunia reports :

rgod has discovered a vulnerability in DokuWiki, which can be
exploited by malicious people to compromise a vulnerable system.

Input passed to the 'TARGET_FN' parameter in bin/dwpage.php is not
properly sanitised before being used to copy files. This can be
exploited via directory traversal attacks in combination with
DokuWiki's file upload feature to execute arbitrary PHP code.

CVE Mitre reports :

Direct static code injection vulnerability in doku.php in DokuWiki
before 2006-03-09c allows remote attackers to execute arbitrary PHP
code via the X-FORWARDED-FOR HTTP header, which is stored in
config.php.

Unrestricted file upload vulnerability in lib/exe/media.php in
DokuWiki before 2006-03-09c allows remote attackers to upload
executable files into the data/media folder via unspecified vectors.

DokuWiki before 2006-03-09c enables the debug feature by default,
which allows remote attackers to obtain sensitive information by
calling doku.php with the X-DOKUWIKI-DO HTTP header set to 'debug'.

See also :

http://bugs.splitbrain.org/index.php?do=details&id=906
http://www.nessus.org/u?4fd04e06

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22492 (freebsd_pkg_fcba5764506a11dba5ae00508d6a62df.nasl)

Bugtraq ID: 19911

CVE ID: CVE-2006-4674
CVE-2006-4675
CVE-2006-4679

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now