Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4245_arbitrary_code)
Medium Nessus Plugin ID 80621
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
SolutionUpgrade to Solaris 11/11 SRU 12.4.