FreeBSD : dokuwiki -- multiple privilege escalation vulnerabilities (7580f00e-280c-11e0-b7c8-00215c6a37bb)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Dokuwiki reports :

This security update fixes problems in the XMLRPC interface where ACLs
were not checked correctly sometimes, making it possible to access
and write information that should not have been accessible/writable.
This only affects users who have enabled the XMLRPC interface (default
is off) and have enabled XMLRPC access for users who can't
access/write all content anyway (default is nobody, see
http://www.dokuwiki.org/config:xmlrpcuser for details).

This update also includes a fix for a problem in the general ACL
checking function that could be exploited to gain access to restricted
pages and media files in rare conditions (when you had rights for an
id you could get the same rights on ids where one character has been
replaced by a '.').

See also :

http://bugs.dokuwiki.org/index.php?do=details&task_id=2136
http://www.nessus.org/u?45b4f66b

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51666

Bugtraq ID:

CVE ID:
