Test ID:	1.3.6.1.4.1.25623.1.0.63310
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-716-1)
Summary:	The remote host is missing an update for the 'moin' package(s) announced via the USN-716-1 advisory.
Description:	Summary: The remote host is missing an update for the 'moin' package(s) announced via the USN-716-1 advisory. Vulnerability Insight: Fernando Quintero discovered than MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS. (CVE-2008-0780) Fernando Quintero discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting vulnerabilities. This issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781) It was discovered that MoinMoin did not properly sanitize its input when processing user forms. A remote attacker could submit crafted cookie values and overwrite arbitrary files via directory traversal. This issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0782) It was discovered that MoinMoin did not properly sanitize its input when editing pages, resulting in cross-site scripting vulnerabilities. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1098) It was discovered that MoinMoin did not properly enforce access controls, which could allow a remoter attacker to view private pages. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099) It was discovered that MoinMoin did not properly sanitize its input when attaching files and using the rename parameter, resulting in cross-site scripting vulnerabilities. (CVE-2009-0260) It was discovered that MoinMoin did not properly sanitize its input when displaying error messages after processing spam, resulting in cross-site scripting vulnerabilities. (CVE-2009-0312) Affected Software/OS: 'moin' package(s) on Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04, Ubuntu 8.10. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0780 BugTraq ID: 27904 http://www.securityfocus.com/bid/27904 Debian Security Information: DSA-1514 (Google Search) http://www.debian.org/security/2008/dsa-1514 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml http://secunia.com/advisories/28987 http://secunia.com/advisories/29010 http://secunia.com/advisories/29262 http://secunia.com/advisories/29444 http://secunia.com/advisories/33755 https://usn.ubuntu.com/716-1/ http://www.vupen.com/english/advisories/2008/0569/references Common Vulnerability Exposure (CVE) ID: CVE-2008-0781 Common Vulnerability Exposure (CVE) ID: CVE-2008-0782 BugTraq ID: 27404 http://www.securityfocus.com/bid/27404 https://www.exploit-db.com/exploits/4957 http://www.attrition.org/pipermail/vim/2008-January/001890.html XForce ISS Database: moinmoin-readme-file-overwrite(39837) https://exchange.xforce.ibmcloud.com/vulnerabilities/39837 Common Vulnerability Exposure (CVE) ID: CVE-2008-1098 BugTraq ID: 28173 http://www.securityfocus.com/bid/28173 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html http://secunia.com/advisories/30031 XForce ISS Database: moinmoin-multiple-actions-xss(41037) https://exchange.xforce.ibmcloud.com/vulnerabilities/41037 Common Vulnerability Exposure (CVE) ID: CVE-2008-1099 BugTraq ID: 28177 http://www.securityfocus.com/bid/28177 XForce ISS Database: moinmoin-macrogetval-information-disclosure(41038) https://exchange.xforce.ibmcloud.com/vulnerabilities/41038 Common Vulnerability Exposure (CVE) ID: CVE-2009-0260 BugTraq ID: 33365 http://www.securityfocus.com/bid/33365 Bugtraq: 20090120 MoinMoin Wiki Engine XSS Vulnerability (Google Search) http://www.securityfocus.com/archive/1/500197/100/0/threaded Debian Security Information: DSA-1715 (Google Search) https://www.debian.org/security/2009/dsa-1715 http://osvdb.org/51485 http://secunia.com/advisories/33593 http://secunia.com/advisories/33716 http://www.vupen.com/english/advisories/2009/0195 XForce ISS Database: moinmoin-attachfilepy-xss(48126) https://exchange.xforce.ibmcloud.com/vulnerabilities/48126 Common Vulnerability Exposure (CVE) ID: CVE-2009-0312 http://www.openwall.com/lists/oss-security/2009/01/27/4 http://osvdb.org/51632 XForce ISS Database: moinmoin-antispam-xss(48306) https://exchange.xforce.ibmcloud.com/vulnerabilities/48306
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.