ID CVE-2014-6262 Type cve Reporter cve@mitre.org Modified 2020-02-26T14:15:00
Description
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
{"id": "CVE-2014-6262", "bulletinFamily": "NVD", "title": "CVE-2014-6262", "description": "Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.", "published": "2020-02-12T02:15:00", "modified": "2020-02-26T14:15:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6262", "reporter": "cve@mitre.org", "references": ["https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html", "https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html", "https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786", "http://www.kb.cert.org/vuls/id/449452", "https://github.com/oetiker/rrdtool-1.x/pull/532", "https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec", "https://www.securityfocus.com/bid/71540"], "cvelist": ["CVE-2014-6262"], "type": "cve", "lastseen": "2020-12-09T19:58:26", "edition": 9, "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DEBIAN_DLA-2131.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2131-1:255A0", "DEBIAN:DLA-2131-2:719C5"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892131"]}, {"type": "cert", "idList": ["VU:449452"]}], "modified": "2020-12-09T19:58:26", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2020-12-09T19:58:26", "rev": 2}, "vulnersScore": 7.6}, "cpe": [], "affectedSoftware": [{"cpeName": "zenoss:zenoss_core", "name": "zenoss zenoss core", "operator": "lt", "version": "4.2.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-134"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*", "versionEndExcluding": "4.2.5", "vulnerable": true}], "operator": "OR"}]}}
{"nessus": [{"lastseen": "2021-01-12T09:42:12", "description": "It was discovered that there was a regression in a previous fix, which\nresulted in the following error :\n\nERROR: cannot compile regular expression: Error while compiling\nregular expression ^(?:[^%]+|%%)*%[+-\n0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$ at char 18:\nrange out of order in character class (^(?:[^%]+|%%)*%[+-\n0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$)\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.4.8-1.2+deb8u2.\n\nWe recommend that you upgrade your rrdtool packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-03-02T00:00:00", "title": "Debian DLA-2131-2 : rrdtool regression update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6262"], "modified": "2020-03-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby-rrd", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:liblua5.1-rrd-dev", "p-cpe:/a:debian:debian_linux:librrd-dev", "p-cpe:/a:debian:debian_linux:python-rrdtool", "p-cpe:/a:debian:debian_linux:librrd-ruby1.9.1", "p-cpe:/a:debian:debian_linux:rrdcached", "p-cpe:/a:debian:debian_linux:rrdtool", "p-cpe:/a:debian:debian_linux:rrdtool-dbg", "p-cpe:/a:debian:debian_linux:rrdtool-tcl", "p-cpe:/a:debian:debian_linux:librrds-perl", "p-cpe:/a:debian:debian_linux:librrd4", "p-cpe:/a:debian:debian_linux:librrd-ruby", "p-cpe:/a:debian:debian_linux:liblua5.1-rrd0", "p-cpe:/a:debian:debian_linux:librrdp-perl", "p-cpe:/a:debian:debian_linux:librrd-ruby1.8"], "id": "DEBIAN_DLA-2131.NASL", "href": "https://www.tenable.com/plugins/nessus/134182", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2131-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134182);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6262\");\n script_bugtraq_id(71540);\n\n script_name(english:\"Debian DLA-2131-2 : rrdtool regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a regression in a previous fix, which\nresulted in the following error :\n\nERROR: cannot compile regular expression: Error while compiling\nregular expression ^(?:[^%]+|%%)*%[+-\n0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$ at char 18:\nrange out of order in character class (^(?:[^%]+|%%)*%[+-\n0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$)\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.4.8-1.2+deb8u2.\n\nWe recommend that you upgrade your rrdtool packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rrdtool\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblua5.1-rrd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblua5.1-rrd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrd-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrd-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrd-ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrdp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librrds-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rrdcached\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rrdtool-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rrdtool-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rrd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"liblua5.1-rrd-dev\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"liblua5.1-rrd0\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrd-dev\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrd-ruby\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrd-ruby1.8\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrd-ruby1.9.1\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrd4\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrdp-perl\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librrds-perl\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-rrdtool\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"rrdcached\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"rrdtool\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"rrdtool-dbg\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"rrdtool-tcl\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-rrd\", reference:\"1.4.8-1.2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-01-20T13:16:15", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6262"], "description": "Package : rrdtool\nVersion : 1.4.8-1.2+deb8u2\nCVE ID : CVE-2014-6262\nDebian Bug : 952958\n\n\nIt was discovered that there was a regression in a previous fix, which\nresulted in the following error:\n\nERROR: cannot compile regular expression: Error while compiling regular\nexpression ^(?:[^%]+|%%)*%[+-\n0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$ at char 18:\nrange out of order in character class (^(?:[^%]+|%%)*%[+-\n0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$)\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.4.8-1.2+deb8u2.\n\nWe recommend that you upgrade your rrdtool packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh\n", "edition": 9, "modified": "2020-03-02T18:58:40", "published": "2020-03-02T18:58:40", "id": "DEBIAN:DLA-2131-2:719C5", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00003.html", "title": "[SECURITY] [DLA 2131-2] rrdtool regression update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T13:25:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6262", "CVE-2013-2131"], "description": "Package : rrdtool\nVersion : 1.4.8-1.2+deb8u1\nCVE ID : CVE-2014-6262\n\n\nMultiple format string vulnerabilities in RRDtool, as used in Zenoss\nCore before 4.2.5 and other products, allow remote attackers to\nexecute arbitrary code or cause a denial of service (application\ncrash) via a crafted third argument to the rrdtool.graph function, aka\nZEN-15415, a related issue to CVE-2013-2131.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.4.8-1.2+deb8u1.\n\nWe recommend that you upgrade your rrdtool packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh\n", "edition": 9, "modified": "2020-03-01T20:41:53", "published": "2020-03-01T20:41:53", "id": "DEBIAN:DLA-2131-1:255A0", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00000.html", "title": "[SECURITY] [DLA 2131-1] rrdtool security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-03-03T18:54:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6262", "CVE-2013-2131"], "description": "The remote host is missing an update for the ", "modified": "2020-03-02T00:00:00", "published": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562310892131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892131", "type": "openvas", "title": "Debian LTS: Security Advisory for rrdtool (DLA-2131-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892131\");\n script_version(\"2020-03-02T04:00:06+0000\");\n script_cve_id(\"CVE-2013-2131\", \"CVE-2014-6262\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 04:00:06 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-02 04:00:06 +0000 (Mon, 02 Mar 2020)\");\n script_name(\"Debian LTS: Security Advisory for rrdtool (DLA-2131-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2131-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rrdtool'\n package(s) announced via the DLA-2131-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple format string vulnerabilities in RRDtool, as used in Zenoss\nCore before 4.2.5 and other products, allow remote attackers to\nexecute arbitrary code or cause a denial of service (application\ncrash) via a crafted third argument to the rrdtool.graph function, aka\nZEN-15415, a related issue to CVE-2013-2131.\");\n\n script_tag(name:\"affected\", value:\"'rrdtool' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1.4.8-1.2+deb8u1.\n\nWe recommend that you upgrade your rrdtool packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"liblua5.1-rrd-dev\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"liblua5.1-rrd0\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrd-dev\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrd-ruby\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrd-ruby1.8\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrd-ruby1.9.1\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrd4\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrdp-perl\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"librrds-perl\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-rrdtool\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rrdcached\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rrdtool\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rrdtool-dbg\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rrdtool-tcl\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-rrd\", ver:\"1.4.8-1.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:41:44", "bulletinFamily": "info", "cvelist": ["CVE-2014-6253", "CVE-2014-6254", "CVE-2014-6255", "CVE-2014-6256", "CVE-2014-6257", "CVE-2014-6258", "CVE-2014-6259", "CVE-2014-6260", "CVE-2014-6261", "CVE-2014-6262", "CVE-2014-9245", "CVE-2014-9246", "CVE-2014-9247", "CVE-2014-9248", "CVE-2014-9249", "CVE-2014-9250", "CVE-2014-9251", "CVE-2014-9252"], "description": "### Overview \n\nThe Zenoss Core application, server, and network management platform software contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code.\n\n### Description \n\nThe Zenoss Core application, server, and network management platform software version 4.2.4 contains a collection of vulnerabilities that impacts several aspects of the software. A brief summary of the types of vulnerabilities present is provided below.\n\nCVE-2014-6253: Systemic Cross Site Request Forgery \nCVE-2014-6254: Systemic Stored Cross-Site Scripting in Zenoss Attributes \nCVE-2014-6254: Cross Site Scripting from Exposed Helper Methods \nCVE-2014-6255: Open Redirect in Login Form \nCVE-2014-6256: Authorization Bypass Allows Moving Arbitrary Files \nCVE-2014-6257: Systemic Authorization Bypasses \nCVE-2014-6258: Denial of Service from User-Supplied Regular Expression \nCVE-2014-6259: Denial of Service via XML Recursive Entity Expansion (\"Billion Laughs\") \nCVE-2014-6260: Page Command can be Edited Without Password Re-Entry \nCVE-2014-6261: Remote Code Execution via Version Check \nCVE-2014-6262: Denial of Service via RRDtool Format String Vulnerability (this vulnerability is due to RRDtool) \nCVE-2014-9245: Stack Trace Contains Internal URLs and Other Sensitive Information \nCVE-2014-9246: Cross-Site Request Forgery Leads to ZenPack Installation \nCVE-2014-9246: Sessions Do Not Expire \nCVE-2014-9247: User Enumeration via User Manager \nCVE-2014-9248: No Password Complexity Requirements \nCVE-2014-9249: Exposed Services in Default Configuration \nCVE-2014-9250: Cookie Authentication is Insecure \nCVE-2014-9251: Weak Password Hashing Algorithm \nCVE-2014-9252: Plaintext Password Stored in Session on Server \n \nFor more details, please see [this spreadsheet](<https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing>), specifically the \"Impact Description\" column. Included in the linked spreadsheet are Zenoss tracking numbers for each issue. \n \nThe CVSS score below is based on CVE-2014-9246. \n \n--- \n \n### Impact \n\nThe most severe issues (CVE-2014-6261 and CVE-2014-9246) allow remote code execution and installation of arbitrary packages, allowing full compromise of the system running Zenoss. For more details, please see [this spreadsheet](<https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing>), specifically the \"Impact Description\" column. \n \n--- \n \n### Solution \n\n**Apply an update manually** \n \nCVE-2014-6255 and CVE-2014-9246 (Sessions Do Not Expire) are resolved in the latest Zenoss Core 4.2.5 SP. Manually download the update as described below (\"Disable automatic update check\"), and apply the update as soon as possible. \n \nZenoss plans for most of the rest of the issues to be addressed in a future maintenance release of Zenoss Core 5. \n \nFor more information, please see [this spreadsheet](<https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing>); specifically the \"Vendor Status\" column which provides the vendor's response for the issue, and the \"Zenoss Bug ID\" column which provides Zenoss's internal tracking number for the issue. \n \n--- \n \n**Use SSL/HTTPS** \n \nCVE-2014-9250 can be mitigated by enabling SSL/HTTPS to better protect cookie-based authentication data. Please see Zenoss's recommendation in [this spreadsheet](<https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing>). \n \n**Disable automatic update check** \n \nCVE-2014-6261 can be mitigated by unchecking \"Check For Updates\" in the Zenoss Versions page in the web interface. Note that you can also manually check for updates in the web interface, which triggers the same actions, and is therefore also vulnerable. Instead, users should check the Zenoss website for new versions, rather than using the in-app check. To avoid CSRF exploitation, users should also use a separate browser (or profile) for Zenoss, that is not shared with any other browsing. \n \n--- \n \n### Vendor Information\n\n449452\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Zenoss __ Affected\n\nNotified: November 12, 2014 Updated: December 03, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe vendor has provided a statement regarding the vulnerabilities. The vendor's statement is available as the \"Vendor Status\" column in[ this spreadsheet summary](<https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing>) of the vulnerabilities.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 8.5 | AV:N/AC:M/Au:S/C:C/I:C/A:C \nTemporal | 7.7 | E:POC/RL:U/RC:C \nEnvironmental | 7.7 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n<https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing>\n\n### Acknowledgements\n\nThanks to Ryan Koppenhaver and Andy Schmitz of Matasano Security for reporting these vulnerabilities.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2014-6253](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6253>), [CVE-2014-6254](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6254>), [CVE-2014-9245](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9245>), [CVE-2014-6255](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6255>), [CVE-2014-6261](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6261>), [CVE-2014-6256](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6256>), [CVE-2014-9246](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9246>), [CVE-2014-9247](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9247>), [CVE-2014-9248](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9248>), [CVE-2014-6257](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6257>), [CVE-2014-9249](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9249>), [CVE-2014-9250](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9250>), [CVE-2014-6258](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6258>), [CVE-2014-6260](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6260>), [CVE-2014-9251](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9251>), [CVE-2014-6259](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6259>), [CVE-2014-6262](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-6262>), [CVE-2014-9252](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-9252>) \n---|--- \n**Date Public:** | 2014-12-05 \n**Date First Published:** | 2014-12-05 \n**Date Last Updated: ** | 2014-12-08 15:54 UTC \n**Document Revision: ** | 46 \n", "modified": "2014-12-08T15:54:00", "published": "2014-12-05T00:00:00", "id": "VU:449452", "href": "https://www.kb.cert.org/vuls/id/449452", "type": "cert", "title": "Zenoss Core contains multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
