FreeBSD : mailman -- CSRF protection enhancements (b11ab01b-6e19-11e6-ab24-080027ef73ec)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Mark Sapiro reports:

CSRF protection has been extended to the user options page. This was
actually fixed by Tokio Kikuchi as part of the fix for LP: #775294
and intended for Mailman 2.1.15, but that fix wasn't completely merged
at the time. The full fix also addresses the admindb and edithtml
pages as well as the user options page and the previously fixed admin
pages. Thanks to Nishant Agarwala for reporting the issue.
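The point of the fix above is that a CSRF token must be bound to the page context it was issued for and checked on every state-changing page, not only the admin pages. The following is an added illustrative example, not Mailman's own CSRF code: it assumes a constructed site secret (SECRET), a per-list name, an authenticated user identity and a page context string such as "admin", "options", "admindb" or "edithtml", and a hypothetical handler for the user options page that refuses to change anything unless the token was minted for that same list, user and page.

```python
"""Illustrative HMAC-based CSRF token scheme for form-handling pages.

Added example; this is NOT Mailman's CSRF.py. SECRET, TOKEN_TTL and the
handle_options_post() handler are assumptions made for the demonstration.
"""
import hashlib
import hmac
import time

# Constructed secret for the example; a real deployment reads it from site config.
SECRET = b"example-site-secret-do-not-reuse"
TOKEN_TTL = 3600  # assumed lifetime of a token, in seconds


def _mac(listname, user, context, issued):
    """MAC over list, user, page context and issue time, NUL-separated so
    fields cannot be shifted into one another."""
    msg = "\0".join([listname, user, context, str(issued)]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(listname, user, context, now=None):
    """Mint a token for one (list, user, page context) triple."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_mac(listname, user, context, issued)}"


def check_token(token, listname, user, context, now=None):
    """True only if the token was issued for this list, user and page context
    and has not expired; malformed or missing tokens are rejected."""
    now = time.time() if now is None else now
    try:
        issued_s, mac = token.split(":", 1)
        issued = int(issued_s)
    except (ValueError, AttributeError):
        return False
    if issued > now or now - issued > TOKEN_TTL:
        return False
    # Constant-time comparison avoids leaking the expected MAC byte by byte.
    return hmac.compare_digest(mac, _mac(listname, user, context, issued))


def handle_options_post(form, listname, user, now=None):
    """Hypothetical user options handler: a POST without a token valid for
    the 'options' context is refused before any setting is touched."""
    if not check_token(form.get("csrf_token", ""), listname, user, "options", now):
        return {"status": 403, "changed": False}
    return {"status": 200, "changed": True, "digest": form.get("digest")}


if __name__ == "__main__":
    t = make_token("mylist", "alice@example.com", "options", now=1_000_000)
    print("same page:", check_token(t, "mylist", "alice@example.com", "options", now=1_000_100))
    # A token minted for the admin pages must not unlock the options page.
    a = make_token("mylist", "alice@example.com", "admin", now=1_000_000)
    print("admin token on options page:", check_token(a, "mylist", "alice@example.com", "options", now=1_000_100))
    print("forged POST:", handle_options_post({"digest": "1"}, "mylist", "alice@example.com", now=1_000_100))
```

Binding the context into the MAC is what makes a token valid for exactly one page: a token lifted from an admin form, or from another list or user, fails verification on the options, admindb or edithtml handlers, which is the gap the Mailman fix closes.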

See also :

http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668
http://www.nessus.org/u?ac810682
http://www.nessus.org/u?3acf6cfa

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 93211

CVE ID: CVE-2016-6893
