Detections
Analytics

FreeBSD : moinmoin -- Multiple vulnerabilities (a264b1b0-5726-11e2-9483-14dae938ec40)

medium Nessus Plugin ID 63397

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

MoinMoin developers report the following vulnerabilities as fixed in version 1.9.6 :

- remote code execution vulnerability in twikidraw/anywikidraw action,

- path traversal vulnerability in AttachFile action,

- XSS issue, escape page name in rss link.

CVE entries at MITRE furher clarify :

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.

Solution

Update the affected package.

See Also

http://hg.moinmo.in/moin/1.9/raw-file/1.9.6/docs/CHANGES

http://www.nessus.org/u?87d7f17b

Plugin Details

Severity: Medium

ID: 63397

File Name: freebsd_pkg_a264b1b0572611e2948314dae938ec40.nasl

Version: 1.9

Type: local

Published: 1/7/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:moinmoin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/5/2013

Vulnerability Publication Date: 12/29/2012

Exploitable With

Metasploit (MoinMoin twikidraw Action Traversal File Upload)

Elliot (MoinMoin 1.9.5 RCE)

Reference Information

CVE: CVE-2012-6080, CVE-2012-6081, CVE-2012-6082

DSA: 2593