FreeBSD : OpenX -- SQL injection vulnerability (3e33a0bb-6b2f-11e3-b042-20cf30e32f6d)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Revive reports :

A SQL-injection vulnerability was recently discovered and reported to
the Revive Adserver team by Florian Sander. The vulnerability is known
to be already exploited to gain unauthorised access to the application
using brute force mechanisms; however, other kinds of attacks might be
possible and/or already in use. The risk is rated to be critical as
the most common end goal of the attackers is to spread malware to the
visitors of all the websites and ad networks that the ad server is
being used on.

The vulnerability is also present and exploitable in OpenX Source
2.8.11 and earlier versions, potentially back to phpAdsNew 2.0.x.

See also :

http://www.revive-adserver.com/security/revive-sa-2013-001/
http://www.nessus.org/u?bc95cc7a
http://www.nessus.org/u?ebc5d410

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 71603

Bugtraq ID:

CVE ID: CVE-2013-7149
