Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0163)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2013.0163

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2013-0163)

Zusammenfassung: The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory.

Vulnerability Insight:
A directory traversal and information disclosure (local file inclusion) flaws
were found in the cssgen contrib module (application to generate custom CSS
files) of GeSHi, a generic syntax highlighter, performed sanitization of
'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote
attacker could provide a specially-crafted URL that, when visited could lead
to local file system traversal or, potentially, ability to read content of
any local file, accessible with the privileges of the user running the
webserver (CVE-2012-3251).

A cross-site scripting (XSS) flaw was found in the way 'langwiz' example
script of GeSHi, a generic syntax highlighter, performed sanitization of
certain HTTP GET / POST request variables (prior dumping their content). A
remote attacker could provide a specially-crafted URL that, when visited
would lead to arbitrary HTML or web script execution (CVE-2012-3522).

Affected Software/OS:
'php-geshi' package(s) on Mageia 2.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-3251
HPdes Security Advisory: HPSBMU02803
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382
HPdes Security Advisory: SSRT100926
Common Vulnerability Exposure (CVE) ID: CVE-2012-3522
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.html
http://www.openwall.com/lists/oss-security/2012/08/21/11

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2013.0163
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2013-0163)
Zusammenfassung:	The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory. Vulnerability Insight: A directory traversal and information disclosure (local file inclusion) flaws were found in the cssgen contrib module (application to generate custom CSS files) of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote attacker could provide a specially-crafted URL that, when visited could lead to local file system traversal or, potentially, ability to read content of any local file, accessible with the privileges of the user running the webserver (CVE-2012-3251). A cross-site scripting (XSS) flaw was found in the way 'langwiz' example script of GeSHi, a generic syntax highlighter, performed sanitization of certain HTTP GET / POST request variables (prior dumping their content). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution (CVE-2012-3522). Affected Software/OS: 'php-geshi' package(s) on Mageia 2. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3251 HPdes Security Advisory: HPSBMU02803 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382 HPdes Security Advisory: SSRT100926 Common Vulnerability Exposure (CVE) ID: CVE-2012-3522 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.html http://www.openwall.com/lists/oss-security/2012/08/21/11
Copyright	Copyright (C) 2022 Greenbone AG