FreeBSD : bugzilla -- information leak (696053c6-0f50-11df-a628-001517351c22)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Bugzilla Security Advisory reports :

When moving a bug from one product to another, an intermediate page is
displayed letting you select the groups the bug should be restricted
to in the new product. However, a regression in the 3.4.x series made
it ignore all groups which are not available in both products. As a
workaround, you had to move the bug to the new product first and then
restrict it to the desired groups, in two distinct steps, which could
make the bug temporarily public.

See also :

http://www.bugzilla.org/security/3.0.10/
http://www.nessus.org/u?b719e0cf

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 44346 (freebsd_pkg_696053c60f5011dfa628001517351c22.nasl)

Bugtraq ID:

CVE ID: CVE-2009-3387
