FreeBSD : ikiwiki -- multiple vulnerabilities (5ed094a0-0150-11e7-ae1b-002590263bf5)

Medium Nessus Plugin ID 97544


The remote FreeBSD host is missing a security-related update.


Mitre reports :

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

When CGI::FormBuilder->field('foo') is called in list context (and in particular in the arguments to a subroutine that takes named arguments), it can return zero or more values for foo from the CGI request, rather than the expected single value. This breaks the usual Perl parsing convention for named arguments, similar to CVE-2014-1572 in Bugzilla (which was caused by a similar API design issue in


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 97544

File Name: freebsd_pkg_5ed094a0015011e7ae1b002590263bf5.nasl

Version: $Revision: 3.1 $

Type: local

Published: 2017/03/06

Modified: 2017/03/06

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N


Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ikiwiki, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/03/05

Vulnerability Publication Date: 2016/12/19

Reference Information

CVE: CVE-2016-10026, CVE-2016-9645, CVE-2016-9646