Test ID:	1.3.6.1.4.1.25623.1.0.69594
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: rt36
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: rt36 rt38 CVE-2011-1685 Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack. CVE-2011-1686 Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. CVE-2011-1687 Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords. CVE-2011-1688 Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request. CVE-2011-1689 Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2011-1690 Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1685 BugTraq ID: 47383 http://www.securityfocus.com/bid/47383 Debian Security Information: DSA-2220 (Google Search) http://www.debian.org/security/2011/dsa-2220 http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html http://secunia.com/advisories/44189 http://www.vupen.com/english/advisories/2011/1071 XForce ISS Database: rt-externalcustomfield-code-exec(66791) https://exchange.xforce.ibmcloud.com/vulnerabilities/66791 Common Vulnerability Exposure (CVE) ID: CVE-2011-1686 http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html XForce ISS Database: rt-unspec-sql-injection(66792) https://exchange.xforce.ibmcloud.com/vulnerabilities/66792 Common Vulnerability Exposure (CVE) ID: CVE-2011-1687 XForce ISS Database: rt-search-interface-info-disclosure(66793) https://exchange.xforce.ibmcloud.com/vulnerabilities/66793 Common Vulnerability Exposure (CVE) ID: CVE-2011-1688 XForce ISS Database: rt-unspecified-dir-traversal(66795) https://exchange.xforce.ibmcloud.com/vulnerabilities/66795 Common Vulnerability Exposure (CVE) ID: CVE-2011-1689 XForce ISS Database: rt-unspec-xss(66796) https://exchange.xforce.ibmcloud.com/vulnerabilities/66796 Common Vulnerability Exposure (CVE) ID: CVE-2011-1690 XForce ISS Database: rt-unspecified-sec-bypass(66794) https://exchange.xforce.ibmcloud.com/vulnerabilities/66794
Copyright	Copyright (C) 2011 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.