FreeBSD : moinmoin -- wrong processing of group membership (4f99e2ef-f725-11e1-8bd8-0022156e8794)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

MoinMoin developers report :

If you have group NAMES containing 'All' or 'Known' or 'Trusted', they
behaved wrong until now (they erroneously included All/Known/Trusted
users even if you did not list them as members), but will start
working correctly with this changeset.

E.g. AllFriendsGroup :

- JoeDoe

AllFriendsGroup will now (correctly) include only JoeDoe. It
(erroneously) contained all users (including JoeDoe) before.

E.g. MyTrustedFriendsGroup :

- JoeDoe

MyTrustedFriendsGroup will now (correctly) include only JoeDoe. It
(erroneously) contained all trusted users and JoeDoe before.

See also :

http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
http://www.nessus.org/u?c6a36684

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61781 ()

Bugtraq ID:

CVE ID: CVE-2012-4404

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now