Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0163)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2013.0163

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2013-0163)

Resumen: The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory.

Vulnerability Insight:
A directory traversal and information disclosure (local file inclusion) flaws
were found in the cssgen contrib module (application to generate custom CSS
files) of GeSHi, a generic syntax highlighter, performed sanitization of
'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote
attacker could provide a specially-crafted URL that, when visited could lead
to local file system traversal or, potentially, ability to read content of
any local file, accessible with the privileges of the user running the
webserver (CVE-2012-3251).

A cross-site scripting (XSS) flaw was found in the way 'langwiz' example
script of GeSHi, a generic syntax highlighter, performed sanitization of
certain HTTP GET / POST request variables (prior dumping their content). A
remote attacker could provide a specially-crafted URL that, when visited
would lead to arbitrary HTML or web script execution (CVE-2012-3522).

Affected Software/OS:
'php-geshi' package(s) on Mageia 2.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3251
HPdes Security Advisory: HPSBMU02803
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382
HPdes Security Advisory: SSRT100926
Common Vulnerability Exposure (CVE) ID: CVE-2012-3522
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.html
http://www.openwall.com/lists/oss-security/2012/08/21/11

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2013.0163
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2013-0163)
Resumen:	The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php-geshi' package(s) announced via the MGASA-2013-0163 advisory. Vulnerability Insight: A directory traversal and information disclosure (local file inclusion) flaws were found in the cssgen contrib module (application to generate custom CSS files) of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote attacker could provide a specially-crafted URL that, when visited could lead to local file system traversal or, potentially, ability to read content of any local file, accessible with the privileges of the user running the webserver (CVE-2012-3251). A cross-site scripting (XSS) flaw was found in the way 'langwiz' example script of GeSHi, a generic syntax highlighter, performed sanitization of certain HTTP GET / POST request variables (prior dumping their content). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution (CVE-2012-3522). Affected Software/OS: 'php-geshi' package(s) on Mageia 2. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3251 HPdes Security Advisory: HPSBMU02803 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382 HPdes Security Advisory: SSRT100926 Common Vulnerability Exposure (CVE) ID: CVE-2012-3522 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.html http://www.openwall.com/lists/oss-security/2012/08/21/11
Copyright	Copyright (C) 2022 Greenbone AG