FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)

medium Nessus Plugin ID 56498

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability :

The login form is also vulnerable to XSS (Cross Site Scripting) attacks. This may be used to launch phising attacks by sending HTML e-mails (i.e.: saying that you need to upgrade to the latest GForge version due to a security problem) and putting in the e-mail an HTML link that points to an specially crafted url that inserts an html form in the GForge login page and when the user press the login button, he/she send the credentials to the attackers website.

The 'forgot your password?' feature allows a remote user to load a certain URL to cause the service to send a validation e-mail to the specified user's e-mail address. There is no limit to the number of messages sent over a period of time, so a remote user can flood the target user's secondary e-mail address. E-Mail Flood, E-Mail bomber.

Solution

Update the affected package.

See Also

http://marc.info/?l=bugtraq&m=112259845904350

http://www.nessus.org/u?989c3706

Plugin Details

Severity: Medium

ID: 56498

File Name: freebsd_pkg_d7cd501508c911dabc080001020eed82.nasl

Version: 1.6

Type: local

Published: 10/14/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:gforge

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 8/9/2005

Vulnerability Publication Date: 7/27/2005

Reference Information

CVE: CVE-2005-2430, CVE-2005-2431

BID: 14405