FreeBSD : horde-base -- multiple vulnerabilities (ee23aa09-a175-11de-96c0-0011098ad87f)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Horde team reports :

An error within the form library when handling image form fields can
be exploited to overwrite arbitrary local files.

An error exists within the MIME Viewer library when rendering unknown
text parts. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site if
malicious data is viewed.

The preferences system does not properly sanitise numeric preference
types. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in contact of an affected site.

See also :

http://bugs.horde.org/ticket/?id=8311
http://bugs.horde.org/ticket/?id=8399
http://www.nessus.org/u?fbcecf00
http://www.nessus.org/u?af5b8467

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 40979 (freebsd_pkg_ee23aa09a17511de96c00011098ad87f.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now