This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
BestPractical report :
All versions of RT are vulnerable to an email header injection attack.
Users with ModifySelf or AdminUser can cause RT to add arbitrary
headers or content to outgoing mail. Depending on the scrips that are
configured, this may be be leveraged for information leakage or
RT 4.0.0 and above and RTFM 2.0.0 and above contain a vulnerability
due to lack of proper rights checking, allowing any privileged user to
create Articles in any class.
All versions of RT with cross-site-request forgery (CSRF) protection
(RT 3.8.12 and above, RT 4.0.6 and above, and any instances running
the security patches released 2012-05-22) contain a vulnerability
which incorrectly allows though CSRF requests which toggle ticket
All versions of RT are vulnerable to a confused deputy attack on the
user. While not strictly a CSRF attack, users who are not logged in
who are tricked into following a malicious link may, after supplying
their credentials, be subject to an attack which leverages their
credentials to modify arbitrary state. While users who were logged in
would have observed the CSRF protection page, users who were not
logged in receive no such warning due to the intervening login
process. RT has been extended to notify users of pending actions
during the login process.
RT 3.8.0 and above are susceptible to a number of vulnerabilities
concerning improper signing or encryption of messages using GnuPG; if
GnuPG is not enabled, none of the following affect you.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 62793 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now