Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ubuntu: Security Advisory (USN-458-1)

🗓️ 23 Mar 2009 00:00:00Reported by Copyright (C) 2009 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 18 Views

Ubuntu: Security Advisory (USN-458-1) - MoinMoin package vulnerabilitie

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Ubuntu		MoinMoin vulnerabilities
8 May 200700:00
ubuntu
Tenable Nessus		Ubuntu 6.06 LTS / 6.10 / 7.04 : moin vulnerabilities (USN-458-1)
10 Nov 200700:00
nessus
Tenable Nessus		Debian DSA-1514-1 : moin - several vulnerabilities
13 Mar 200800:00
nessus
Tenable Nessus		FreeBSD : moinmoin -- multiple vulnerabilities (f113bbeb-e3ac-11dc-bb89-000bcdc1757a)
26 Feb 200800:00
nessus
NVD		CVE-2007-2637
13 May 200723:19
nvd
NVD		CVE-2007-2423
2 May 200700:19
nvd
securityvulns		[USN-458-1] MoinMoin vulnerabilities
9 May 200700:00
securityvulns
securityvulns		Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
9 May 200700:00
securityvulns
securityvulns		[SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities
10 Mar 200800:00
securityvulns
OSV		GHSA-CMG7-XR2J-4R9V MoinMoin Improper ACL handling for calendars and includes
1 May 202218:05
osv
Rows per page
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.840079");
  script_cve_id("CVE-2007-2423", "CVE-2007-2637");
  script_tag(name:"creation_date", value:"2009-03-23 09:55:18 +0000 (Mon, 23 Mar 2009)");
  script_version("2024-02-02T05:06:04+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");

  script_name("Ubuntu: Security Advisory (USN-458-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(6\.06\ LTS|6\.10|7\.04)");

  script_xref(name:"Advisory-ID", value:"USN-458-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-458-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'moin' package(s) announced via the USN-458-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. (CVE-2007-2423)

Flaws were discovered in MoinMoin's ACL handling for calendars and
includes. Unauthorized users would be able to read pages that would
otherwise be unavailable to them.");

  script_tag(name:"affected", value:"'moin' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU6.06 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-moinmoin", ver:"1.5.2-1ubuntu2.3", rls:"UBUNTU6.06 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU6.10") {

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-moinmoin", ver:"1.5.3-1ubuntu1.3", rls:"UBUNTU6.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU7.04") {

  if(!isnull(res = isdpkgvuln(pkg:"python-moinmoin", ver:"1.5.3-1.1ubuntu3.1", rls:"UBUNTU7.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Mar 2009 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS25.8
EPSS0.04962
ubuntusecurity advisoryusn-458-1moinmoinpackagevulnerabilitiescve-2007-2423cve-2007-2637error reportingacl handling
18
.json
Report