NASLDB: Debian DSA-999-1 : lurker - several vulnerabilities
General
ID: 22865
Name: Debian DSA-999-1 : lurker – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Several security-related problems have been discovered in lurker, an
archive tool for mailing lists with an integrated search engine. The
Common Vulnerabilities and Exposures project identifies the following
problems:
– CVE-2006-1062
Lurker’s mechanism for specifying configuration files
was vulnerable to being overridden. As lurker includes
sections of unparsed config files in its output, an
attacker could manipulate lurker into reading any file
readable by the www-data user.
– CVE-2006-1063
It is possible for a remote attacker to create or
overwrite files in any writable directory that is named
‘mbox’.
– CVE-2006-1064
Missing input sanitising allows an attacker to inject
arbitrary web script or HTML.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2006-1062
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2006/03/06
Patch Release: 2006/03/14
Plugin Release: 2006/10/14
Plugin
Version: 1.12
Filename: debian_DSA-999.nasl
Filesize: 3820 bytes
MD5 Hash: 09a0169cfe81590bb5d4207e6d5957d1
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2006-2012 Tenable Network Security, Inc.