Soluzioni per la vulnerabilità

La Scansione Vulnerabilità periodica di Nimsoft Cloud Monitor verifica le vulnerabilità riportate qui sotto. Per visualizzare le soluzioni per la vulnerabilità più recenti scansionate da WatchMouse, visitare la pagina sulla panoramica delle Soluzioni per la vulnerabilità

Categoria: Ubuntu Local Security Checks Fattore di rischio: High Aggiunto il: 12 mar 2010
Synopsis:

These remote packages are missing security patches : - moinmoin-common
- python-moinmoin
- python2.4-moinmoin

Description:

It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)

It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways. (CVE-2010-0669)

Solution:

Upgrade to :
- moinmoin-common-1.5.8-5.1ubuntu2.3 (Ubuntu 8.04) - python-moinmoin-1.8.4-1ubuntu1.1 (Ubuntu 9.10) - python2.4-moinmoin-1.5.2-1ubuntu2.5 (Ubuntu 6.06)

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)