FreeBSD : RT -- Multiple Vulnerabilities (4b738d54-2427-11e2-9817-c8600054b392)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

BestPractical report :

All versions of RT are vulnerable to an email header injection attack.
Users with ModifySelf or AdminUser can cause RT to add arbitrary
headers or content to outgoing mail. Depending on the scrips that are
configured, this may be leveraged for information leakage or
phishing.

RT 4.0.0 and above and RTFM 2.0.0 and above contain a vulnerability
due to lack of proper rights checking, allowing any privileged user to
create Articles in any class.

All versions of RT with cross-site-request forgery (CSRF) protection
(RT 3.8.12 and above, RT 4.0.6 and above, and any instances running
the security patches released 2012-05-22) contain a vulnerability
which incorrectly allows through CSRF requests which toggle ticket
bookmarks.

All versions of RT are vulnerable to a confused deputy attack on the
user. While not strictly a CSRF attack, users who are not logged in
who are tricked into following a malicious link may, after supplying
their credentials, be subject to an attack which leverages their
credentials to modify arbitrary state. While users who were logged in
would have observed the CSRF protection page, users who were not
logged in receive no such warning due to the intervening login
process. RT has been extended to notify users of pending actions
during the login process.

RT 3.8.0 and above are susceptible to a number of vulnerabilities
concerning improper signing or encryption of messages using GnuPG; if
GnuPG is not enabled, none of the following affect you.

See also :

http://www.nessus.org/u?2181f5d2
http://www.nessus.org/u?b31f7abd

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 62793

Bugtraq ID:

CVE ID: CVE-2012-4730
CVE-2012-4731
CVE-2012-4732
CVE-2012-4734
CVE-2012-4884
CVE-2012-6578
CVE-2012-6579
CVE-2012-6580
CVE-2012-6581
