Debian DSA-1209-2 : trac - cross-site request forgery

Severity: High. Nessus Plugin ID: 23658

Synopsis

The remote Debian host is missing a security-related update.

Description

It was discovered that Trac, a wiki and issue tracking system for software development projects, performs insufficient validation against cross-site request forgery, which might allow an attacker to manipulate a Trac site with the privileges of the attacked Trac user.

Solution

Upgrade the trac package.

For the stable distribution (sarge) this problem has been fixed in version 0.8.1-3sarge7.

See Also

http://www.debian.org/security/2006/dsa-1209

Plugin Details

Severity: High

ID: 23658

File Name: debian_DSA-1209.nasl

Version: 1.15

Type: local

Agent: unix

Published: 11/20/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:trac, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Vulnerability Publication Date: 11/1/2006

Reference Information

DSA: 1209