ID CVE-2015-5959 Type cve Reporter cve@mitre.org Modified 2017-09-07T19:53:00
Description
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
{"openvas": [{"lastseen": "2020-05-12T17:25:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5959"], "description": "Froxlor is prone to a information disclosure vulnerability.", "modified": "2020-05-08T00:00:00", "published": "2015-08-03T00:00:00", "id": "OPENVAS:1361412562310106036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106036", "type": "openvas", "title": "Froxlor Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Froxlor Information Disclosure Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:froxlor:froxlor\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106036\");\n script_version(\"2020-05-08T11:13:33+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 11:13:33 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-03 13:44:55 +0700 (Mon, 03 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2015-5959\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Froxlor Information Disclosure Vulnerability\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_froxlor_detect.nasl\");\n script_mandatory_keys(\"froxlor/installed\");\n\n script_tag(name:\"summary\", value:\"Froxlor is prone to a information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted GET request and check the response.\");\n\n script_tag(name:\"insight\", value:\"An unauthenticated remote attacker is able to get the database\n password via webaccess due to wrong file permissions of the /logs/ folder. The plain SQL password and\n username may be stored in the /logs/sql-error.log file.\");\n\n script_tag(name:\"impact\", value:\"An unauthenticated remote attacker may be able to get the plain\n SQL password and username or other sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Froxlor version 0.9.33.1 and before.\");\n\n script_tag(name:\"solution\", value:\"Update to version 0.9.33.2 or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2015/07/29/8\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/logs/sql-error.log\";\nreq = http_get(item: url, port: port);\nres = http_keepalive_send_recv(port: port, data: req, bodyonly: FALSE);\n\nif (res =~ \"^HTTP/1\\.[01] 200\" && \"SQLSTATE[HY000]\" >< res) {\n report = http_report_vuln_url( port:port, url:url );\n security_message(port: port, data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-07T10:48:36", "description": "oss-security-list@demlak.de reports :\n\nAn unauthenticated remote attacker is able to get the database\npassword via webaccess due to wrong file permissions of the /logs/\nfolder in froxlor version 0.9.33.1 and earlier. The plain SQL password\nand username may be stored in the /logs/sql-error.log file. This\ndirectory is publicly reachable under the default configuration/setup.\n\nNote that froxlor 0.9.33.2 prevents future logging of passwords but\ndoes not retroactively remove passwords already logged. Michael\nKaufmann, the Froxlor lead developer reports :\n\nRemoving all .log files from the directory should do the job,\nalternatively just use the class.ConfigIO.php from Github", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-08-13T00:00:00", "title": "FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5959"], "modified": "2015-08-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:froxlor"], "id": "FREEBSD_PKG_9EE72858415911E593AD002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/85369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85369);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5959\");\n\n script_name(english:\"FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"oss-security-list@demlak.de reports :\n\nAn unauthenticated remote attacker is able to get the database\npassword via webaccess due to wrong file permissions of the /logs/\nfolder in froxlor version 0.9.33.1 and earlier. The plain SQL password\nand username may be stored in the /logs/sql-error.log file. This\ndirectory is publicly reachable under the default configuration/setup.\n\nNote that froxlor 0.9.33.2 prevents future logging of passwords but\ndoes not retroactively remove passwords already logged. Michael\nKaufmann, the Froxlor lead developer reports :\n\nRemoving all .log files from the directory should do the job,\nalternatively just use the class.ConfigIO.php from Github\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202262\"\n );\n # http://seclists.org/oss-sec/2015/q3/238\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q3/238\"\n );\n # https://forum.froxlor.org/index.php/topic/13054-important-bugfix-release-09332/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71339434\"\n );\n # https://vuxml.freebsd.org/freebsd/9ee72858-4159-11e5-93ad-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3254528\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:froxlor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"froxlor<0.9.33.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:06", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5959"], "description": "\noss-security-list@demlak.de reports:\n\nAn unauthenticated remote attacker is able to get the database\n\t password via webaccess due to wrong file permissions of the /logs/\n\t folder in froxlor version 0.9.33.1 and earlier. The plain SQL\n\t password and username may be stored in the /logs/sql-error.log file.\n\t This directory is publicly reachable under the default\n\t configuration/setup.\n\nNote that froxlor 0.9.33.2 prevents future logging of passwords but\n\t does not retroactively remove passwords already logged. Michael\n\t Kaufmann, the Froxlor lead developer reports:\n\nRemoving all .log files from the directory should do the job,\n\t alternatively just use the class.ConfigIO.php from Github\n\n", "edition": 5, "modified": "2015-07-29T00:00:00", "published": "2015-07-29T00:00:00", "id": "9EE72858-4159-11E5-93AD-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/9ee72858-4159-11e5-93ad-002590263bf5.html", "title": "froxlor -- database password information leak", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
