Soluções para vulnerabilidades

O Exame Periódico de Vulnerabilidade do Nimsoft Cloud Monitor verifica a vulnerabilidade abaixo. Para ver as soluções para vulneralidades adicionadas mais recentemente que são examinadas pelo WatchMouse, acesse a visão geral das Soluções para vulnerabilidades

Categoria: Debian Local Security Checks Fator de risco: High Adicionado: 16 Mar 2010
Synopsis:

The remote host is missing the DSA-2014 security update

Description:

Several vulnerabilities have been discovered in moin, a python clone of
WikiWiki.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0668
Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. CVE-2010-0669
MoinMoin does not properly sanitize user profiles. CVE-2010-0717
The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages. For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny3.

See also:

http://www.debian.org/security/2010/dsa-2014

Solution:

The Debian project recommends that you upgrade your moin package.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)