Fedora 10 : drupal-service_links-6.x.1.0-5.fc10 (2009-10445)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Common Vulnerabilities and Exposures assigned an identifier
CVE-2009-3648 to the following vulnerability:

Name: CVE-2009-3648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3648
Assigned: 20091009
Reference: MISC: http://www.madirish.net/?article=251
Reference: BID:36584
Reference: URL: http://www.securityfocus.com/bid/36584
Reference: XF:servicelinks-content-type-xss(53633)
Reference: URL: http://xforce.iss.net/xforce/xfdb/53633

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a
module for Drupal, allows remote authenticated users, with 'administer
content types' permissions, to inject arbitrary web script or HTML via
unspecified vectors when displaying content type names.

Checked drupal-service_links in CVS and this affects Fedora 10, 11, and
rawhide.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://cve.mitre.org
http://www.madirish.net/?article=251
http://www.securityfocus.com/bid/36584
http://xforce.iss.net/xforce/xfdb/53633
https://bugzilla.redhat.com/show_bug.cgi?id=528200
http://www.nessus.org/u?62b0e7ac

Solution :

Update the affected drupal-service_links package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 42126 (fedora_2009-10445.nasl)

Bugtraq ID: 36584

CVE ID: CVE-2009-3648
