Soluzioni per la vulnerabilità

La Scansione Vulnerabilità periodica di Nimsoft Cloud Monitor verifica le vulnerabilità riportate qui sotto. Per visualizzare le soluzioni per la vulnerabilità più recenti scansionate da WatchMouse, visitare la pagina sulla panoramica delle Soluzioni per la vulnerabilità

Categoria: Debian Local Security Checks Fattore di rischio: High Aggiunto il: 16 mar 2010
Synopsis:

The remote host is missing the DSA-2014 security update

Description:

Several vulnerabilities have been discovered in moin, a python clone of
WikiWiki.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0668
Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. CVE-2010-0669
MoinMoin does not properly sanitize user profiles. CVE-2010-0717
The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages. For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny3.

See also:

http://www.debian.org/security/2010/dsa-2014

Solution:

The Debian project recommends that you upgrade your moin package.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)