FreeBSD : moinmoin -- Multiple vulnerabilities (a264b1b0-5726-11e2-9483-14dae938ec40)

Medium Nessus Plugin ID 63397


The remote FreeBSD host is missing a security-related update.


MoinMoin developers report the following vulnerabilities as fixed in version 1.9.6:

- remote code execution vulnerability in twikidraw/anywikidraw action,

- path traversal vulnerability in AttachFile action,

- XSS issue, escape page name in rss link.

CVE entries at MITRE further clarify:

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (under action/) and (2) anywikidraw (under action/) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (under action/) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/ in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in an RSS link.
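The three issues above share one root cause: user-controlled strings (an attachment file name, a page name) reach a file path or an HTML attribute without confinement or escaping. The following Python is an added illustration written for this page; it is not MoinMoin's code and not the Nessus plugin's. The function names, the directory layout, the executable-extension list and the `?action=rss_rc` link shape are assumptions made for the example. `unsafe_target` reproduces the traversal pattern behind the _do_attachment_move finding, `reject_reason`/`safe_target` confine the resolved path to the attachment directory and refuse executable extensions (the upload class behind the twikidraw/anywikidraw finding), and `rss_link` escapes the page name the way the RSS link fix requires.

```python
import os
from html import escape
from urllib.parse import quote

# Extensions a misconfigured web server might execute; assumed list for the example.
EXECUTABLE_EXTENSIONS = {".py", ".cgi", ".php", ".pl", ".sh"}


def unsafe_target(attach_dir, filename):
    """Vulnerable pattern: join the caller-supplied name onto the attachment
    directory without confinement.  A name containing '..' resolves outside
    attach_dir, so a later write overwrites an arbitrary file."""
    return os.path.normpath(os.path.join(attach_dir, filename))


def reject_reason(attach_dir, filename):
    """Return None if filename is acceptable, else a short reason string.

    Checks, in order: no path separators or '..' components, the resolved
    path stays under the real attachment directory, and the extension is
    not one the server might execute."""
    base = os.path.basename(filename)
    if base in ("", ".", "..") or base != filename:
        return "traversal"
    root = os.path.realpath(attach_dir)
    target = os.path.realpath(os.path.join(root, base))
    # Defence in depth: even with basename() applied, confirm containment.
    if os.path.commonpath([root, target]) != root:
        return "traversal"
    if os.path.splitext(base)[1].lower() in EXECUTABLE_EXTENSIONS:
        return "executable"
    return None


def safe_target(attach_dir, filename):
    """Hardened pattern: return the confined absolute path for filename,
    raising ValueError with the rejection reason otherwise."""
    reason = reject_reason(attach_dir, filename)
    if reason is not None:
        raise ValueError("%s: %r" % (reason, filename))
    return os.path.join(os.path.realpath(attach_dir), os.path.basename(filename))


def rss_link_unsafe(page_name):
    """Vulnerable pattern: the raw page name lands inside an HTML attribute."""
    return '<link rel="alternate" type="application/rss+xml" href="/%s?action=rss_rc" />' % page_name


def rss_link(page_name):
    """Hardened pattern: URL-encode the page name for the path, then
    HTML-escape the result (including quotes) for the attribute context."""
    return '<link rel="alternate" type="application/rss+xml" href="/%s?action=rss_rc" />' % escape(
        quote(page_name), quote=True
    )


if __name__ == "__main__":
    import tempfile

    root = tempfile.mkdtemp()
    attach = os.path.join(root, "attachments")
    os.mkdir(attach)
    # Constructed inputs mirroring the advisory's three classes.
    print("unsafe join resolves to:", unsafe_target(attach, "../evil.txt"))
    for name in ("../evil.txt", "shell.py", "sub/note.txt", "note.txt"):
        print("%-14s -> %s" % (name, reject_reason(attach, name)))
    print(rss_link_unsafe('Page"><script>alert(1)</script>'))
    print(rss_link('Page"><script>alert(1)</script>'))
```

The containment check uses `os.path.realpath` on both sides so a symlink planted inside the attachment directory cannot redirect the write; the extension check is a stop-gap for the upload case, and the durable fix is to serve attachments from a location the web server never executes.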


Update the affected package.


Plugin Details

Severity: Medium

ID: 63397

File Name: freebsd_pkg_a264b1b0572611e2948314dae938ec40.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/01/07

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:moinmoin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/01/05

Vulnerability Publication Date: 2012/12/29

Exploitable With

Metasploit (MoinMoin twikidraw Action Traversal File Upload)

Elliot (MoinMoin 1.9.5 RCE)

Reference Information

CVE: CVE-2012-6080, CVE-2012-6081, CVE-2012-6082

DSA: 2593