{"nessus": [{"lastseen": "2018-09-02T00:04:52", "references": ["http://sourceforge.net/project/shownotes.php?group_id=40287&release_id=319316"], "pluginID": "18012", "description": "According to its version number, the DC++ client installed on the remote host is affected by a vulnerability that may let a remote user append data to files anywhere on the drive on which DC++ is installed.", "edition": 4, "reporter": "Tenable", "published": "2005-04-12T00:00:00", "title": "DC++ Download Drive Arbitrary File Appending", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Peer-To-Peer File Sharing", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1089"], "modified": "2018-07-06T00:00:00", "cpe": [], "id": "DCPLUSPLUS_DOWNLOAD_DRIVE_FILE_APPENDS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18012);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/06 11:26:08\");\n\n script_cve_id(\"CVE-2005-1089\");\n script_bugtraq_id(13088);\n\n script_name(english:\"DC++ Download Drive Arbitrary File Appending\");\n script_summary(english:\"Checks for download drive file appending vulnerability in DC++\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by a\nfile integrity flaw.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the DC++ client installed on the\nremote host is affected by a vulnerability that may let a remote user\nappend data to files anywhere on the drive on which DC++ is\ninstalled.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://sourceforge.net/project/shownotes.php?group_id=40287&release_id=319316\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to DC++ 0.674 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/04/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/04/11\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\n# Look in the registry for the version of DC++ installed.\nkey = \"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DC++/DisplayVersion\";\nver = get_kb_item(key);\nif (ver && ver =~ \"^0\\.([0-5]|6([0-6]|7[0-3]))\")\n security_warning(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
