Fedora 9 : mapserver-5.2.2-1.fc9 (2009-3383)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

The releases contain fixes for issues discovered in an audit of the
CGI by a 3rd party (tickets #2939, #2941, #2942, #2943 and #2944). The
issues are detailed at:

http://trac.osgeo.org/mapserver/ticket/2939
http://trac.osgeo.org/mapserver/ticket/2941
http://trac.osgeo.org/mapserver/ticket/2942
http://trac.osgeo.org/mapserver/ticket/2943
http://trac.osgeo.org/mapserver/ticket/2944

Also provided is support for RFC-56 that addresses tightening up the
control of access to mapfiles and templates:

http://mapserver.org/development/rfc/ms-rfc-56.html

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://mapserver.org/development/rfc/ms-rfc-56.html
http://trac.osgeo.org/mapserver/ticket/2939
http://trac.osgeo.org/mapserver/ticket/2941
http://trac.osgeo.org/mapserver/ticket/2942
http://trac.osgeo.org/mapserver/ticket/2943
http://trac.osgeo.org/mapserver/ticket/2944
https://bugzilla.redhat.com/show_bug.cgi?id=493364
http://www.nessus.org/u?51c45a57

Solution :

Update the affected mapserver package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 36091 (fedora_2009-3383.nasl)

Bugtraq ID:

CVE ID: CVE-2009-0839
CVE-2009-0840
CVE-2009-0841
CVE-2009-0842
CVE-2009-0843
CVE-2009-1176
CVE-2009-1177
