FreeBSD : foswiki -- Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5)

NASLDB: FreeBSD : foswiki -- Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5)

General

ID: 59206
Name: FreeBSD : foswiki — Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

Foswiki team reports :

When a new user registers, the new user can add arbitrary HTML and
script code into the user topic which is generated by the
RegistrationAgent via standard registration fields such as ‘FirstName’
or ‘OrganisationName’.

By design, Foswiki’s normal editing features allow arbitrary HTML
markup, including script code, to be inserted into any topic anyway,
assuming the authenticated user has CHANGE permission – which is the
case on many Foswiki sites. However, the assumption that only
authenticated users with CHANGE permission may create script content
is false if new users exploit the vulnerability detailed in this alert
to manipulate the registration agent into creating that content for
them.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-1004
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/04/13
Patch Release: 2012/05/21
Plugin Release: 2012/05/21

Plugin

Version: 1.1
Filename: freebsd_pkg_495b46fda30f11e182c9d0df9acfd7e5.nasl
Filesize: 4821 bytes
MD5 Hash: 0f8881d5c50f5d46f5c91e6b72c8c132

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"