ID CVE-2001-0913 Type cve Reporter cve@mitre.org Modified 2016-10-18T02:13:00
Description
Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.
{"osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "cvelist": ["CVE-2001-0913"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=100655265508104&w=2\nISS X-Force ID: 7597\n[CVE-2001-0913](https://vulners.com/cve/CVE-2001-0913)\n", "modified": "2001-11-22T00:00:00", "published": "2001-11-22T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:671", "id": "OSVDB:671", "title": "Network Solutions Rwhoisd Syslog Remote Format String", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T05:31:20", "description": "The remote rwhois daemon is vulnerable to a format string attack when \nsupplied malformed arguments to a malformed request (such as %p%p%p).\n\nAn attacker may use this flaw to gain a shell on this host.\n\n*** Note that Nessus solely relied on the banner version to\n*** issue this warning. If you manually patched rwhoisd, you\n*** may not be vulnerable to this flaw", "edition": 22, "published": "2001-11-25T00:00:00", "title": "Network Solutions Rwhoisd Syslog Remote Format String", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0913"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "RWHOIS_FORMAT_STRING2.NASL", "href": "https://www.tenable.com/plugins/nessus/10804", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10804);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n script_cve_id(\"CVE-2001-0913\");\n\n script_name(english:\"Network Solutions Rwhoisd Syslog Remote Format String\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code may be run on the remote server.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote rwhois daemon is vulnerable to a format string attack when \nsupplied malformed arguments to a malformed request (such as %p%p%p).\n\nAn attacker may use this flaw to gain a shell on this host.\n\n*** Note that Nessus solely relied on the banner version to\n*** issue this warning. If you manually patched rwhoisd, you\n*** may not be vulnerable to this flaw\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Disable this service or upgrade to version 1.5.7.3 or newer\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2001/11/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/11/22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english: \"Checks the version of rwhois\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.\");\n script_family(english: \"Gain a shell remotely\");\n script_dependencie(\"find_service1.nasl\");\n script_require_ports(\"Services/rwhois\", 4321);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\nport = 4321;\nif(get_port_state(port))\n{\n soc = open_sock_tcp(port);\n if(soc)\n {\n # There's no way to determine remotely if the service if vulnerable\n # or not.\n r = recv(socket:soc, length:4096);\n if(egrep(pattern:\"V-1\\.([0-4]|5\\.([0-6]|7\\.[0-2]))\", \n string:r))security_hole(4321);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
