Fedora 8 : adminutil-1.1.7-1.fc8 (2008-7642)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Fixes these bugs:

- CVE-2008-2928 - buffer overflow in Accept-Language parsing
  - 413531 Web browser accepted languages configuration causes dsgw
    CGI binaries to segfault
- improved fix for CVE-2008-2929 XSS issues (originally addressed in
  1.1.6), that does not introduce heap overflow in parsing %-encoded
  inputs (CVE-2008-2932)
  - 245248 dsgw doesn't escape filename in error message
  - 454060 ViewLog CGI crash with new adminutil 1.1.6

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=453916
https://bugzilla.redhat.com/show_bug.cgi?id=454621
https://bugzilla.redhat.com/show_bug.cgi?id=454662
http://www.nessus.org/u?7a46458b

Solution :

Update the affected adminutil package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 34139 (fedora_2008-7642.nasl)

Bugtraq ID: 30870

CVE ID: CVE-2008-2928, CVE-2008-2929, CVE-2008-2932
