Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0343)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0343

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0343)

Resumen: The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2016-0343 advisory.

Descripción: Summary:
The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2016-0343 advisory.

Vulnerability Insight:
Cross-site request forgery (CSRF) vulnerability in the user options page in
GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the
authentication of arbitrary users for requests that modify an option, as
demonstrated by gaining access to the credentials of a victim's account
(CVE-2016-6893).

Affected Software/OS:
'mailman' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-6893
BugTraq ID: 92731
http://www.securityfocus.com/bid/92731
Debian Security Information: DSA-3668 (Google Search)
http://www.debian.org/security/2016/dsa-3668
http://www.securitytracker.com/id/1036728

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0343
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0343)
Resumen:	The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2016-0343 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2016-0343 advisory. Vulnerability Insight: Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account (CVE-2016-6893). Affected Software/OS: 'mailman' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6893 BugTraq ID: 92731 http://www.securityfocus.com/bid/92731 Debian Security Information: DSA-3668 (Google Search) http://www.debian.org/security/2016/dsa-3668 http://www.securitytracker.com/id/1036728
Copyright	Copyright (C) 2022 Greenbone AG