Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-1249-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.840795

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-1249-1)

Summary: The remote host is missing an update for the 'backuppc' package(s) announced via the USN-1249-1 advisory.

Description: Summary:
The remote host is missing an update for the 'backuppc' package(s) announced via the USN-1249-1 advisory.

Vulnerability Insight:
It was discovered that BackupPC did not properly sanitize its input when
processing backup browser error messages, resulting in a cross-site
scripting (XSS) vulnerability. With cross-site scripting vulnerabilities,
if a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain. This issue did not affect
Ubuntu 11.10. (CVE-2011-3361)

Jamie Strandboge discovered that BackupPC did not properly sanitize its
input when processing log file viewer error messages, resulting in
cross-site scripting (XSS) vulnerabilities.

Affected Software/OS:
'backuppc' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3361
BugTraq ID: 50406
http://www.securityfocus.com/bid/50406
https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html
http://sourceforge.net/mailarchive/message.php?msg_id=26919997
http://www.openwall.com/lists/oss-security/2011/09/13/3
http://www.openwall.com/lists/oss-security/2011/09/14/7
http://secunia.com/advisories/44259
http://secunia.com/advisories/46621
http://ubuntu.com/usn/usn-1249-1
XForce ISS Database: backuppc-num-xss(71030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71030

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.840795
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1249-1)
Summary:	The remote host is missing an update for the 'backuppc' package(s) announced via the USN-1249-1 advisory.
Description:	Summary: The remote host is missing an update for the 'backuppc' package(s) announced via the USN-1249-1 advisory. Vulnerability Insight: It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue did not affect Ubuntu 11.10. (CVE-2011-3361) Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities. Affected Software/OS: 'backuppc' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3361 BugTraq ID: 50406 http://www.securityfocus.com/bid/50406 https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html http://sourceforge.net/mailarchive/message.php?msg_id=26919997 http://www.openwall.com/lists/oss-security/2011/09/13/3 http://www.openwall.com/lists/oss-security/2011/09/14/7 http://secunia.com/advisories/44259 http://secunia.com/advisories/46621 http://ubuntu.com/usn/usn-1249-1 XForce ISS Database: backuppc-num-xss(71030) https://exchange.xforce.ibmcloud.com/vulnerabilities/71030
Copyright	Copyright (C) 2011 Greenbone AG