Soluciones para vulnerabilidades

La exploración de vulnerabilidades periódica de Nimsoft Cloud Monitor busca la vulnerabilidad siguiente. Para ver las soluciones añadidas más recientemente que Nimsoft Cloud Monitor explora, visite Soluciones para vulnerabilidades.

Categoría: Debian Local Security Checks Factor de riesgo: High Añadido: 16 mar 2010
Synopsis:

The remote host is missing the DSA-2014 security update

Description:

Several vulnerabilities have been discovered in moin, a python clone of
WikiWiki.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0668
Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. CVE-2010-0669
MoinMoin does not properly sanitize user profiles. CVE-2010-0717
The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages. For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny3.

See also:

http://www.debian.org/security/2010/dsa-2014

Solution:

The Debian project recommends that you upgrade your moin package.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)