nessus-plugins/scripts cvs_file_existence_info_weak.nasl,NONE,1.1
Update of /usr/local/cvs/nessus-plugins/scripts
In directory raccoon.nessus.org:/tmp/cvs-serv34435
Added Files:
cvs_file_existence_info_weak.nasl
Log Message:
new cvs check from David Maciejak
--- NEW FILE: cvs_file_existence_info_weak.nasl ---
# This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from
# (C) Tenable Network Security
#
# Ref: Sebastian Krahmer
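if(description)
{
 # Registration pass: the scanner runs this branch only to collect the
 # plugin's metadata, then the script exits without touching the network.
 script_id(14313);
 script_bugtraq_id(10955);
 script_cve_id("CAN-2004-0778");
 script_version ("$Revision: 1.1 $");

 name["english"] = "CVS file existence information disclosure weakness";
 script_name(english:name["english"]);

 # The report text states that the finding is derived from the version
 # number the server announces; the flaw itself is never exercised.
 desc["english"] = "
The remote CVS server, according to its version number,
can be exploited by malicious users to gain knowledge of
certain system information.
This behaviour can be exploited to determine the existence
and permissions of arbitrary files and directories on a
vulnerable system.
Solution : Upgrade to CVS 1.11.17 and 1.12.9, or newer
Risk Factor : Low";
 script_description(english:desc["english"]);

 summary["english"] = "Logs into the remote CVS server and asks the version";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak");

 family["english"] = "General";
 script_family(english:family["english"]);

 # 'port' is not assigned anywhere in the description branch, so passing it
 # here handed the scanner an undefined value. Name the default pserver port
 # literally; it is the same fallback the main body uses.
 script_require_ports("Services/cvspserver", 2401);

 # find_service.nes and cvs_public_pserver.nasl must run first; the main body
 # reads the "Services/cvspserver" and "cvs/<port>/..." KB entries
 # (presumably written by those two scripts - confirm).
 script_dependencies("find_service.nes", "cvs_public_pserver.nasl");
 exit(0);
}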
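# Pick the pserver port: the one recorded in the knowledge base if present,
# otherwise the default 2401. Stop early when the port is not open.
port = get_kb_item("Services/cvspserver");
if(!port)
 port = 2401;
if(!get_port_state(port))
 exit(0);

# Account and repository path come from the knowledge base
# (presumably stored by cvs_public_pserver.nasl - confirm against that script).
login = get_kb_item(string("cvs/", port, "/login"));
pass = get_kb_item(string("cvs/", port, "/pass"));
dir = get_kb_item(string("cvs/", port, "/dir"));

if(!login || !dir)
{
 # No usable account is known: send an auth request with an empty repository
 # and user name, and give up if the server rejects it.
 soc = open_sock_tcp(port);
 if(!soc)
  exit(0);
 req = string("BEGIN AUTH REQUEST\n",
              "\n",
              "\n",
              "A\n",
              "END AUTH REQUEST\n");
 send(socket:soc, data:req);
 r = recv_line(socket:soc, length:4096);
 # Release the probe connection here: the original left it open both on the
 # exit path and when 'soc' was overwritten by the second open_sock_tcp().
 close(soc);
 if("repository" >< r || "I HATE" >< r)
  exit(0);
}

# Authenticate with the stored values. "A" is prepended to the password field
# exactly as in the probe above; the KB value is presumably already in the
# scrambled form the pserver protocol expects - confirm.
soc = open_sock_tcp(port);
if(!soc)
 exit(0);
req = string("BEGIN AUTH REQUEST\n",
             dir, "\n",
             login, "\n",
             "A", pass, "\n",
             "END AUTH REQUEST\n");
send(socket:soc, data:req);
r = recv_line(socket:soc, length:4096);
if("I LOVE YOU" >< r)
{
 # Login accepted: ask for the version banner and record it for other plugins.
 send(socket:soc, data:string("version\n"));
 r = recv_line(socket:soc, length:4096);
 if("Concurrent" >< r)
 {
  set_kb_item(name:string("cvs/", port, "/version"), value:r);
  # Flags 1.0-1.9.x, 1.10.x, 1.11.0-1.11.16 and 1.12.0-1.12.8.
  # NOTE(review): this is a banner comparison only. A build that carries a
  # backported fix under an unchanged version string will still be reported,
  # so confirm the package patch level before acting on the finding.
  if(ereg(pattern:".* 1\.([0-9]\.|10\.|11\.([0-9][^0-9]|1[0-6])|12\.[0-8][^0-9]).*", string:r))
   security_warning(port);
 }
}
close(soc);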