FreeBSD : drupal-pubcookie -- authentication may be bypassed (c0fd7890-4346-11db-89cc-000ae42e9b93)

high Nessus Plugin ID 22342

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Drupal Project reports:

It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user.

Solution

Update the affected package.

See Also

http://drupal.org/node/83064

http://www.nessus.org/u?6fdf1f64

Plugin Details

Severity: High

ID: 22342

File Name: freebsd_pkg_c0fd7890434611db89cc000ae42e9b93.nasl

Version: 1.13

Type: local

Published: 9/14/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal-pubcookie, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/13/2006

Vulnerability Publication Date: 9/8/2006

Reference Information

CVE: CVE-2006-4717