Debian Local Security Checks : Debian Security Advisory DSA 2414-1 (fex)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.71141

Category: Debian Local Security Checks

Title: Debian Security Advisory DSA 2414-1 (fex)

Summary: The remote host is missing an update to fex announced via advisory DSA 2414-1.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2414)' (OID: 1.3.6.1.4.1.25623.1.0.71145).

Description: Summary:
The remote host is missing an update to fex announced via advisory DSA 2414-1.

This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2414)' (OID: 1.3.6.1.4.1.25623.1.0.71145).

Vulnerability Insight:
Nicola Fioravanti discovered that F*X, a web service for transferring
very large files, is not properly sanitizing input parameters of the fup
script. An attacker can use this flaw to conduct reflected cross-site
scripting attacks via various script parameters.

For the stable distribution (squeeze), this problem has been fixed in
version 20100208+debian1-1+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed
in version 20120215-1.

Solution:
We recommend that you upgrade your fex packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0869
BugTraq ID: 52085
http://www.securityfocus.com/bid/52085
Bugtraq: 20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html
Bugtraq: 20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html
Debian Security Information: DSA-2414 (Google Search)
http://www.debian.org/security/2012/dsa-2414
http://www.openwall.com/lists/oss-security/2012/02/20/8
http://www.openwall.com/lists/oss-security/2012/02/20/1
http://www.openwall.com/lists/oss-security/2012/02/23/2
http://osvdb.org/79420
http://secunia.com/advisories/47971
XForce ISS Database: fastfileexchange-fup-id-xss(78966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78966

Copyright Copyright (C) 2012 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.71141
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 2414-1 (fex)
Summary:	The remote host is missing an update to fex announced via advisory DSA 2414-1.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2414)' (OID: 1.3.6.1.4.1.25623.1.0.71145).
Description:	Summary: The remote host is missing an update to fex announced via advisory DSA 2414-1. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2414)' (OID: 1.3.6.1.4.1.25623.1.0.71145). Vulnerability Insight: Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the fup script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters. For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze2. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 20120215-1. Solution: We recommend that you upgrade your fex packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0869 BugTraq ID: 52085 http://www.securityfocus.com/bid/52085 Bugtraq: 20120220 Re: Vulnerabilitites in Debian FEX <= 20100208 and FEX 20111129-2. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html Bugtraq: 20120220 Vulnerabilitites in Debian FEX <= 20100208 and FEX 20111129-2. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html Debian Security Information: DSA-2414 (Google Search) http://www.debian.org/security/2012/dsa-2414 http://www.openwall.com/lists/oss-security/2012/02/20/8 http://www.openwall.com/lists/oss-security/2012/02/20/1 http://www.openwall.com/lists/oss-security/2012/02/23/2 http://osvdb.org/79420 http://secunia.com/advisories/47971 XForce ISS Database: fastfileexchange-fup-id-xss(78966) https://exchange.xforce.ibmcloud.com/vulnerabilities/78966
Copyright	Copyright (C) 2012 E-Soft Inc.