FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Debian Security Team reports :

Several remote vulnerabilities have been discovered in SQL Ledger, a
web-based double-entry accounting program, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems :

Chris Travers discovered that the session management can be tricked
into hijacking existing sessions.

Chris Travers discovered that directory traversal vulnerabilities can
be exploited to execute arbitrary Perl code.

It was discovered that missing input sanitising allows execution of
arbitrary Perl code.

See also :

http://www.nessus.org/u?25e1e625

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23950 (freebsd_pkg_0679deeb8eaf11dbabc90003476f14d3.nasl)

Bugtraq ID:

CVE ID: CVE-2006-4244
CVE-2006-4731
CVE-2006-5872
