FreeBSD : kronolith -- arbitrary local file inclusion vulnerability (a8af7d70-8007-11db-b280-0008743bf21a)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

iDefense Labs reports :

Remote exploitation of a design error in Horde's Kronolith could allow
an authenticated web mail user to execute arbitrary PHP code under the
security context of the running web server.

The vulnerability specifically exists due to a design error in the way
it includes certain files. Specifically, the 'lib/FBView.php' file
contains a function 'Kronolith_FreeBusy_View::factory' which will
include local files that are supplied via the 'view' HTTP GET request
parameter.
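To make the pattern concrete, here is an added illustration (written for this page, not Kronolith's own code and not from the iDefense report) of a factory that splices a request parameter into the path it includes, beside an allowlist-based version; the view names, directory layout and class names are assumptions.

```php
<?php
// Added illustration, not Kronolith's own code. Class names, file layout
// and view names are assumptions.

// Vulnerable pattern: the 'view' request value is spliced into the path that
// is included, so the request decides which local file gets loaded and run.
function factoryUnsafe(string $view): object
{
    require_once __DIR__ . '/FreeBusy/View/' . $view . '.php';
    $class = 'Kronolith_FreeBusy_View_' . $view;
    return new $class();
}

// Hardened pattern: the request value is only a key into a fixed table of
// known views; nothing from the request reaches the include path or class name.
function factorySafe(string $view): object
{
    static $views = ['day' => 'Day', 'week' => 'Week', 'month' => 'Month'];
    if (!isset($views[$view])) {
        throw new InvalidArgumentException('Unknown free/busy view');
    }
    $name = $views[$view];
    $file = __DIR__ . '/FreeBusy/View/' . $name . '.php';

    // Defence in depth: confirm the resolved path stays inside the view directory.
    $base = realpath(__DIR__ . '/FreeBusy/View');
    $real = realpath($file);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('View file outside the expected directory');
    }

    require_once $real;
    $class = 'Kronolith_FreeBusy_View_' . $name;
    return new $class();
}

// Entry point: the same request parameter drives both factories; only the
// hardened one refuses values that are not in the table.
$view = $_GET['view'] ?? 'day';
$freeBusyView = factorySafe($view);
```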

See also :

http://lists.horde.org/archives/announce/2006/000307.html
http://www.nessus.org/u?63e9b5af

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23744 (freebsd_pkg_a8af7d70800711dbb2800008743bf21a.nasl)
