ID de Prueba:	1.3.6.1.4.1.25623.1.0.69594
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: rt36
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: rt36 rt38 CVE-2011-1685 Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack. CVE-2011-1686 Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. CVE-2011-1687 Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords. CVE-2011-1688 Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request. CVE-2011-1689 Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2011-1690 Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1685 BugTraq ID: 47383 http://www.securityfocus.com/bid/47383 Debian Security Information: DSA-2220 (Google Search) http://www.debian.org/security/2011/dsa-2220 http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html http://secunia.com/advisories/44189 http://www.vupen.com/english/advisories/2011/1071 XForce ISS Database: rt-externalcustomfield-code-exec(66791) https://exchange.xforce.ibmcloud.com/vulnerabilities/66791 Common Vulnerability Exposure (CVE) ID: CVE-2011-1686 http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html XForce ISS Database: rt-unspec-sql-injection(66792) https://exchange.xforce.ibmcloud.com/vulnerabilities/66792 Common Vulnerability Exposure (CVE) ID: CVE-2011-1687 XForce ISS Database: rt-search-interface-info-disclosure(66793) https://exchange.xforce.ibmcloud.com/vulnerabilities/66793 Common Vulnerability Exposure (CVE) ID: CVE-2011-1688 XForce ISS Database: rt-unspecified-dir-traversal(66795) https://exchange.xforce.ibmcloud.com/vulnerabilities/66795 Common Vulnerability Exposure (CVE) ID: CVE-2011-1689 XForce ISS Database: rt-unspec-xss(66796) https://exchange.xforce.ibmcloud.com/vulnerabilities/66796 Common Vulnerability Exposure (CVE) ID: CVE-2011-1690 XForce ISS Database: rt-unspecified-sec-bypass(66794) https://exchange.xforce.ibmcloud.com/vulnerabilities/66794
Copyright	Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.