FreeBSD : rt -- Remote DoS, Information disclosure and Session Hijacking vulnerabilities (d08f6002-c588-11e4-8495-6805ca0b3d42)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Best Practical reports :

RT 3.0.0 and above, if running on Perl 5.14.0 or higher, are
vulnerable to a remote denial-of-service via the email gateway; any
installation which accepts mail from untrusted sources is vulnerable,
regardless of the permissions configuration inside RT. This
denial-of-service may encompass both CPU and disk usage, depending on
RT's logging configuration. This vulnerability is assigned

RT 3.8.8 and above are vulnerable to an information disclosure attack
which may reveal RSS feed URLs, and thus ticket data; this
vulnerability is assigned CVE-2015-1165. RSS feed URLs can also be
leveraged to perform session hijacking, allowing a user with the URL
to log in as the user that created the feed; this vulnerability is
assigned CVE-2015-1464.

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 81685

Bugtraq ID:

CVE ID: CVE-2014-9472
