FreeBSD : mambo -- 'register_globals' emulation layer overwrite vulnerability (ffb82d3a-610f-11da-8823-00123ffe8333)
High Nessus Plugin ID 21545
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A Secunia Advisory reports:
peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system.
The vulnerability is caused due to an error in the 'register_globals' emulation layer in 'globals.php' where certain arrays used by the system can be overwritten. This can be exploited to include arbitrary files from external and local resources via the 'mosConfig_absolute_path' parameter.
Successful exploitation requires that 'register_globals' is disabled.
Solution
Update the affected package.