FreeBSD : bugzilla -- multiple vulnerabilities (75231c63-f6a2-499d-8e27-787773bda284)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Bugzilla Security Advisory reports :

This advisory covers three security issues that have recently been
fixed in the Bugzilla code :

- A possible cross-site scripting (XSS) vulnerability when filing bugs
using the guided form.

- When using email_in.pl, insufficiently escaped data may be passed to
sendmail.

- Users using the WebService interface may access Bugzilla's
time-tracking fields even if they normally cannot see them.

We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.

See also :

http://www.bugzilla.org/security/2.20.4/
http://www.nessus.org/u?54818d8c

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 26090 (freebsd_pkg_75231c63f6a2499d8e27787773bda284.nasl)

Bugtraq ID: 25425

CVE ID: CVE-2007-4538, CVE-2007-4539, CVE-2007-4543
