FreeBSD : pivot-weblog -- file deletion vulnerability (0fe73a4a-1b18-11de-8226-0030843d3802)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been discovered in Pivot, which can be exploited
by malicious people to delete certain files.

Input passed to the 'refkey' parameter in
extensions/bbclone_tools/count.php is not properly sanitised before
being used to delete files. This can be exploited to delete files with
the permissions of the web server via directory traversal sequences
passed within the 'refkey' parameter.

NOTE: Users with the 'Advanced' user level are able to include and
execute uploaded PHP code via the 'pivot_path' parameter in
extensions/bbclone_tools/getkey.php when
extensions/bbclone_tools/hr_conf.php can be deleted.

See also :

http://www.nessus.org/u?0010e7e8

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36042 (freebsd_pkg_0fe73a4a1b1811de82260030843d3802.nasl)

Bugtraq ID: 34160

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now