FreeBSD Ports: Rt40 Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://blog.bestpractical.com/2012/05/security-vulnerabilities-in-rt.html http://www.vuxml.org/freebsd/e0a969e4-a512-11e1-90b4-e0cb4e266481.html

Insight

The following packages are affected: rt40 rt38 CVE-2011-0009 Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

Severity

Classification

CVE CVE-2011-0009, CVE-2011-2082, CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458, CVE-2011-4459, CVE-2011-4460

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: asterisk16
FreeBSD Ports: clamav
django -- cross-site scripting vulnerability
FreeBSD Ports: clamav
FreeBSD Ports: asterisk

FreeBSD Ports: rt40

Take action and discover your vulnerabilities