FreeBSD : PivotX -- administrator password reset vulnerability (ae0e5835-3cad-11e0-b654-00215c6a37bb)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

US CERT reports :

PivotX contains a vulnerability that allows an attacker to change the
password of any account just by guessing the username. Version 2.2.4
has been reported to not be affected. This vulnerability is being
exploited in the wild and users should immediately upgrade to 2.2.5 or
later. Mitigation steps for users that have been compromised have been
posted to the PivotX Support Community.

See also :

http://www.nessus.org/u?8bb09cbe

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 52038

Bugtraq ID:

CVE ID: CVE-2011-1035
