FreeBSD : WebCalendar -- 'noSet' variable overwrite vulnerability (72999d57-d6f6-11db-961b-005056847b26)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been discovered in WebCalendar, which can be
exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified before
being used with the 'noSet' parameter set. This can be exploited to
overwrite certain variables, and allows e.g. the inclusion of
arbitrary PHP files from internal or external resources.

See also :

http://sourceforge.net/project/shownotes.php?release_id=491130
http://xforce.iss.net/xforce/xfdb/32832
http://www.nessus.org/u?cea5ce45

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25016 (freebsd_pkg_72999d57d6f611db961b005056847b26.nasl)

Bugtraq ID: 22834

CVE ID: CVE-2007-1343
