Summary
The remote host is missing an update to twiki
announced via advisory DSA 1639-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201639-1
Insight
It was discovered that twiki, a web based collaboration platform, didn't properly sanitize the image parameter in its configuration script.
This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user.
For the stable distribution (etch), this problem has been fixed in version 1:4.0.5-9.1etch1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your twiki package.
Severity
Classification
-
CVE CVE-2008-3195 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities