Mandriva Linux Security Advisory : couchdb (MDVSA-2013:067)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated couchdb packages fix security vulnerabilities :

A security flaw was found in the way Apache CouchDB, a distributed,
fault-tolerant and schema-free document-oriented database accessible
via a RESTful HTTP/JSON API, processed certain JSON callbacks. A
remote attacker could provide a specially crafted JSON callback that,
when processed, could lead to arbitrary JSON code execution via Adobe
Flash (CVE-2012-5649).

A DOM-based cross-site scripting (XSS) flaw was found in the way the
browser-based test suite of Apache CouchDB, a distributed,
fault-tolerant and schema-free document-oriented database accessible
via a RESTful HTTP/JSON API, processed certain query parameters. A
remote attacker could provide a specially crafted web page that, when
accessed, could lead to arbitrary web script or HTML execution in the
context of a CouchDB user session (CVE-2012-5650).

Solution :

Update the affected couchdb and / or couchdb-bin packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66081

Bugtraq ID: 57314, 57321

CVE ID: CVE-2012-5649, CVE-2012-5650
