ID CERBERUS_FTP_INSTALLED.NASL Type nessus Reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
Cerberus FTP server is installed on the remote host.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(40820);
script_version("1.13");
script_cvs_date("Date: 2019/11/22");
script_name(english:"Cerberus FTP Server Detection");
script_summary(english:"Checks if Cerberus FTP is installed.");
script_set_attribute(attribute:"synopsis", value:"An FTP server is installed on the remote Windows host.");
script_set_attribute(attribute:"description", value:"Cerberus FTP server is installed on the remote host.");
script_set_attribute(attribute:"see_also", value:"https://www.cerberusftp.com/");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"agent", value:"windows");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cerberusftp:ftp_server");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"FTP");
script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("audit.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_func.inc");
include("misc_func.inc");
include("smb_reg_query.inc");
include("install_func.inc");
app = "Cerberus FTP";
get_kb_item_or_exit("SMB/Registry/Enumerated");
# Connect to the appropriate share.
name = kb_smb_name();
port = kb_smb_transport();
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');
win_prog_paths = make_list();
path_86 = hotfix_get_programfilesdir();
if (!isnull(path_86)) win_prog_paths = make_list(path_86);
arch = get_kb_item_or_exit('SMB/ARCH');
if (arch == "x64")
{
path_64 = hotfix_get_programfilesdirx86();
if (!isnull(path_64)) win_prog_paths = make_list(win_prog_paths, path_64);
}
potentials = make_array(
"CerberusGUI.exe", "\Cerberus LLC\Cerberus FTP Server",
"Cerberus.exe", "\Cerberus"
);
info = NULL;
current_share = NULL;
open_share = NULL;
errors = make_list();
foreach win_prog_path (win_prog_paths)
{
current_share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:win_prog_path);
if (isnull(open_share) || current_share != open_share)
{
if (!isnull(open_share)) NetUseDel(close:FALSE);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:current_share);
if (rc != 1)
{
errors = make_list(errors, "Failed to access '"+current_share+".");
NetUseDel(close:FALSE);
open_share = NULL;
continue;
}
else open_share = current_share;
}
foreach potential (keys(potentials))
{
path = win_prog_path + potentials[potential];
file = path + "\" + potential;
file2 = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1", string:file);
fh = CreateFile(
file:file2,
desired_access:GENERIC_READ,
file_attributes:FILE_ATTRIBUTE_NORMAL,
share_mode:FILE_SHARE_READ,
create_disposition:OPEN_EXISTING
);
if (!isnull(fh))
{
version = GetProductVersion(handle:fh);
if (!isnull(version) && strlen(version) > 0)
{
# Older versions return version like "#, #, #"
if (", " >< version)
version = str_replace(string:version, find:", ", replace:".");
set_kb_item(name:"SMB/CerberusFTP/" + path + "/file", value:potential);
set_kb_item(name:"SMB/CerberusFTP/" + path + "/version", value:version);
info +=
'\n' +
'\n Path : ' + path +
'\n Version : ' + version;
}
else errors = make_list(errors, "Failed to get version of "+file+".");
CloseFile(handle:fh);
}
}
}
NetUseDel();
# Grab interface configuration if possible
winroot = hotfix_get_systemroot();
share = ereg_replace(pattern:'^([A-Za-z]:).*', replace:"\1\", string:winroot);
interface_files = make_list(
"ProgramData\Cerberus LLC\Cerberus FTP Server\interfaces.xml",
"ProgramData\Cerberus LLC\Cerberus FTP Server\listeners_2.0.xml",
"Documents and Settings\All Users\Application Data\Cerberus LLC\Cerberus FTP Server\interfaces.xml",
"Documents and Settings\All Users\Application Data\Cerberus LLC\Cerberus FTP Server\listeners_2.0.xml"
);
registry_init();
foreach interface_file (interface_files)
{
if ("_2.0" >< interface_file) sep = "</listener>";
else sep = "</interface>";
contents = hotfix_get_file_contents(share + interface_file);
# Skip on error
if (contents["error"] != HCF_OK) continue;
interface_chunks = split(contents['data'], sep:sep, keep:TRUE);
foreach interface_chunk (interface_chunks)
{
if (
"<active>1</active>" >!< interface_chunk
&&
"<isActive>true</isActive>" >!< interface_chunk
) continue;
if (interface_chunk =~ '<(interface|listener) (name="[^"]+" type="1">|type="FTP")')
set_kb_item(name:"SMB/CerberusFTP/active_ftp", value:TRUE);
if (interface_chunk =~ '<(interface|listener) (name="[^"]+" type="2">|type="FTPS")')
set_kb_item(name:"SMB/CerberusFTP/active_ftps", value:TRUE);
if (interface_chunk =~ '<(interface|listener) (name="[^"]+" type="4">|type="SSH FTP"|type="SSH SFTP")')
set_kb_item(name:"SMB/CerberusFTP/active_sshftp", value:TRUE);
if (interface_chunk =~ '<(interface|listener) (name="[^"]+" type="8">|type="HTTP")')
set_kb_item(name:"SMB/CerberusFTP/active_http", value:TRUE);
if (interface_chunk =~ '<(interface|listener) (name="[^"]+" type="16">|type="HTTPS")')
set_kb_item(name:"SMB/CerberusFTP/active_https", value:TRUE);
}
}
# Close handles.
hotfix_check_fversion_end();
if (!isnull(info))
{
set_kb_item(name:"SMB/CerberusFTP/Installed", value:TRUE);
register_install(
app_name:app,
path:path,
version:version,
cpe:"cpe:/a:cerberusftp:ftp_server");
# Add errors if present
if (max_index(errors))
{
report +=
'\n\n' +
' Note that the results may be incomplete because of the following ';
if (max_index(errors) == 1) report += 'error\n that was';
else report += 'errors\n that were';
report +=
' encountered :\n' +
'\n' +
' ' + join(errors, sep:'\n ') + '\n';
}
report_installs(app_name:app, port:port, extra:report);
if (max_index(errors)) exit(1, "The results may be incomplete because of one or more errors verifying installs.");
else exit(0);
}
if (max_index(errors))
{
if (max_index(errors) == 1) errmsg = errors[0];
else errmsg = 'Errors were encountered verifying installs : \n ' + join(errors, sep:'\n ');
exit(1, errmsg);
}
else audit(AUDIT_NOT_INST, app);
{"id": "CERBERUS_FTP_INSTALLED.NASL", "bulletinFamily": "scanner", "title": "Cerberus FTP Server Detection", "description": "Cerberus FTP server is installed on the remote host.", "published": "2009-08-31T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/40820", "reporter": "This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.cerberusftp.com/"], "cvelist": [], "type": "nessus", "lastseen": "2021-01-01T01:32:01", "edition": 22, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["CERBERUS_FTP_5_0_6.NASL", "CERBERUS_FTP_4_0_3.NASL", "CERBERUS_FTP_5_0_4.NASL", "CERBERUS_FTP_7_0_0_2.NASL", "CERBERUS_FTP_7_0_0_3.NASL", "CERBERUS_FTP_3_0_2.NASL", "CERBERUS_FTP_6_0_7.NASL", "CERBERUS_FTP_5_0_5.NASL"]}], "modified": "2021-01-01T01:32:01", "rev": 2}, "score": {"value": 0.3, "vector": "NONE", "modified": "2021-01-01T01:32:01", "rev": 2}, "vulnersScore": 0.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40820);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"Cerberus FTP Server Detection\");\n script_summary(english:\"Checks if Cerberus FTP is installed.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"An FTP server is installed on the remote Windows host.\");\n script_set_attribute(attribute:\"description\", value:\"Cerberus FTP server is installed on the remote host.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Cerberus FTP\";\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\n# Connect to the appropriate share.\nname = kb_smb_name();\nport = kb_smb_transport();\n\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwin_prog_paths = make_list();\n\npath_86 = hotfix_get_programfilesdir();\nif (!isnull(path_86)) win_prog_paths = make_list(path_86);\n\narch = get_kb_item_or_exit('SMB/ARCH');\nif (arch == \"x64\")\n{\n path_64 = hotfix_get_programfilesdirx86();\n if (!isnull(path_64)) win_prog_paths = make_list(win_prog_paths, path_64);\n}\n\npotentials = make_array(\n \"CerberusGUI.exe\", \"\\Cerberus LLC\\Cerberus FTP Server\",\n \"Cerberus.exe\", \"\\Cerberus\"\n);\n\ninfo = NULL;\ncurrent_share = NULL;\nopen_share = NULL;\nerrors = make_list();\n\nforeach win_prog_path (win_prog_paths)\n{\n current_share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:win_prog_path);\n\n if (isnull(open_share) || current_share != open_share)\n {\n if (!isnull(open_share)) NetUseDel(close:FALSE);\n\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:current_share);\n if (rc != 1)\n {\n errors = make_list(errors, \"Failed to access '\"+current_share+\".\");\n NetUseDel(close:FALSE);\n open_share = NULL;\n continue;\n }\n else open_share = current_share;\n }\n\n foreach potential (keys(potentials))\n {\n path = win_prog_path + potentials[potential];\n file = path + \"\\\" + potential;\n file2 = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\", string:file);\n\n fh = CreateFile(\n file:file2,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n\n if (!isnull(fh))\n {\n version = GetProductVersion(handle:fh);\n if (!isnull(version) && strlen(version) > 0)\n {\n # Older versions return version like \"#, #, #\"\n if (\", \" >< version)\n version = str_replace(string:version, find:\", \", replace:\".\");\n\n set_kb_item(name:\"SMB/CerberusFTP/\" + path + \"/file\", value:potential);\n set_kb_item(name:\"SMB/CerberusFTP/\" + path + \"/version\", value:version);\n\n info +=\n '\\n' +\n '\\n Path : ' + path +\n '\\n Version : ' + version;\n }\n else errors = make_list(errors, \"Failed to get version of \"+file+\".\");\n CloseFile(handle:fh);\n }\n }\n}\nNetUseDel();\n\n# Grab interface configuration if possible\nwinroot = hotfix_get_systemroot();\nshare = ereg_replace(pattern:'^([A-Za-z]:).*', replace:\"\\1\\\", string:winroot);\ninterface_files = make_list(\n \"ProgramData\\Cerberus LLC\\Cerberus FTP Server\\interfaces.xml\",\n \"ProgramData\\Cerberus LLC\\Cerberus FTP Server\\listeners_2.0.xml\",\n \"Documents and Settings\\All Users\\Application Data\\Cerberus LLC\\Cerberus FTP Server\\interfaces.xml\",\n \"Documents and Settings\\All Users\\Application Data\\Cerberus LLC\\Cerberus FTP Server\\listeners_2.0.xml\"\n);\nregistry_init();\n\nforeach interface_file (interface_files)\n{\n if (\"_2.0\" >< interface_file) sep = \"</listener>\";\n else sep = \"</interface>\";\n\n contents = hotfix_get_file_contents(share + interface_file);\n\n # Skip on error\n if (contents[\"error\"] != HCF_OK) continue;\n\n interface_chunks = split(contents['data'], sep:sep, keep:TRUE);\n foreach interface_chunk (interface_chunks)\n {\n if (\n \"<active>1</active>\" >!< interface_chunk\n &&\n \"<isActive>true</isActive>\" >!< interface_chunk\n ) continue;\n\n if (interface_chunk =~ '<(interface|listener) (name=\"[^\"]+\" type=\"1\">|type=\"FTP\")')\n set_kb_item(name:\"SMB/CerberusFTP/active_ftp\", value:TRUE);\n if (interface_chunk =~ '<(interface|listener) (name=\"[^\"]+\" type=\"2\">|type=\"FTPS\")')\n set_kb_item(name:\"SMB/CerberusFTP/active_ftps\", value:TRUE);\n if (interface_chunk =~ '<(interface|listener) (name=\"[^\"]+\" type=\"4\">|type=\"SSH FTP\"|type=\"SSH SFTP\")')\n set_kb_item(name:\"SMB/CerberusFTP/active_sshftp\", value:TRUE);\n if (interface_chunk =~ '<(interface|listener) (name=\"[^\"]+\" type=\"8\">|type=\"HTTP\")')\n set_kb_item(name:\"SMB/CerberusFTP/active_http\", value:TRUE);\n if (interface_chunk =~ '<(interface|listener) (name=\"[^\"]+\" type=\"16\">|type=\"HTTPS\")')\n set_kb_item(name:\"SMB/CerberusFTP/active_https\", value:TRUE);\n }\n}\n# Close handles.\nhotfix_check_fversion_end();\n\nif (!isnull(info))\n{\n set_kb_item(name:\"SMB/CerberusFTP/Installed\", value:TRUE);\n\n\n register_install(\n app_name:app,\n path:path,\n version:version,\n cpe:\"cpe:/a:cerberusftp:ftp_server\");\n\n # Add errors if present\n if (max_index(errors))\n {\n report +=\n '\\n\\n' +\n ' Note that the results may be incomplete because of the following ';\n\n if (max_index(errors) == 1) report += 'error\\n that was';\n else report += 'errors\\n that were';\n\n report +=\n ' encountered :\\n' +\n '\\n' +\n ' ' + join(errors, sep:'\\n ') + '\\n';\n }\n\n report_installs(app_name:app, port:port, extra:report);\n\n if (max_index(errors)) exit(1, \"The results may be incomplete because of one or more errors verifying installs.\");\n else exit(0);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse audit(AUDIT_NOT_INST, app);\n", "naslFamily": "FTP", "pluginID": "40820", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "scheme": null}
{"nessus": [{"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP Server on the remote host is version 6.x\nprior to 6.0.10.0 or version 7.x prior to 7.0.0.3. It is, therefore,\naffected by the following OpenSSL vulnerabilities :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "edition": 24, "published": "2014-08-05T00:00:00", "title": "Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-08-05T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_7_0_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/77004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77004);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the version of the Cerberus FTP Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host is affected by\nmultiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP Server on the remote host is version 6.x\nprior to 6.0.10.0 or version 7.x prior to 7.0.0.3. It is, therefore,\naffected by the following OpenSSL vulnerabilities :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cerberus FTP Server 6.0.10.0 / 7.0.0.3 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/CerberusFTP/Installed\");\ninstalls = get_kb_list_or_exit(\"SMB/CerberusFTP/*/version\");\n\nkb_entry = branch(keys(installs));\nkb_base = kb_entry - \"/version\";\n\nver = get_kb_item_or_exit(kb_entry);\nfile_name = get_kb_item_or_exit(kb_base + \"/file\");\n\nkb_pieces = split(kb_base, sep:\"/\");\nfile = kb_pieces[2] + \"\\\" + file_name;\n\nif (ver =~ \"^7\\.\" && ver_compare(ver:ver, fix:'7.0.0.3', strict:FALSE) < 0)\n fix = '7.0.0.3';\nelse if (ver =~ \"^6\\.\" && ver_compare(ver:ver, fix:'6.0.10.0', strict:FALSE) < 0)\n fix = '6.0.10.0';\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Cerberus FTP Server\", ver, file);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n File : ' + file +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP Server on the remote host is version 6.x\nprior to 6.0.9.0 or version 7.x prior to 7.0.0.2. It is, therefore,\naffected by an unauthorized information disclosure vulnerability.\n\nA remote attacker can enumerate user accounts via an analysis of\nresponses from the SSH FTP service.", "edition": 22, "published": "2014-07-10T00:00:00", "title": "Cerberus FTP Server 6.x < 6.0.9.0 / 7.x < 7.0.0.2 SSH FTP Account Enumeration", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-07-10T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_7_0_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/76459", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76459);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_bugtraq_id(67707);\n\n script_name(english:\"Cerberus FTP Server 6.x < 6.0.9.0 / 7.x < 7.0.0.2 SSH FTP Account Enumeration\");\n script_summary(english:\"Performs a version check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host is affected by an\nunauthorized information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP Server on the remote host is version 6.x\nprior to 6.0.9.0 or version 7.x prior to 7.0.0.2. It is, therefore,\naffected by an unauthorized information disclosure vulnerability.\n\nA remote attacker can enumerate user accounts via an analysis of\nresponses from the SSH FTP service.\");\n # https://www.cerberusftp.com/products/releasenotes/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?371ce58b\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cerberus FTP Server 6.0.9.0 / 7.0.0.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"No CVE available: Information Disclosure\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/CerberusFTP/Installed\");\ninstalls = get_kb_list_or_exit(\"SMB/CerberusFTP/*/version\");\nkb_entry = branch(keys(installs));\nkb_base = kb_entry - \"/version\";\n\nver = get_kb_item_or_exit(kb_entry);\nfile_name = get_kb_item_or_exit(kb_base + \"/file\");\n\nkb_pieces = split(kb_base, sep:\"/\");\nfile = kb_pieces[2] + \"\\\" + file_name;\n\n# It appears the 5.x line does not suffer from this problem\nif (ver =~ \"^7\\.\" && ver_compare(ver:ver, fix:'7.0.0.2', strict:FALSE) < 0)\n fix = '7.0.0.2';\nelse if (ver =~ \"^6\\.\" && ver_compare(ver:ver, fix:'6.0.9.0', strict:FALSE) < 0)\n fix = '6.0.9.0';\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Cerberus FTP Server\", ver, file);\n\nif (report_paranoia < 2)\n{\n ssh_ftp_active = get_kb_item(\"SMB/CerberusFTP/active_sshftp\");\n if (!ssh_ftp_active) exit(0, \"The Cerberus FTP Server's SSH FTP service does not appear to be enabled.\");\n}\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n File : ' + file +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP Server on the remote host is a version\nprior to 5.0.8.0 or version 6.x prior to 6.0.7.0. As such, it is\npotentially affected by a security bypass vulnerability.\n\nAn authenticated attacker could obtain sensitive files via the HTTP/S\ninterface.", "edition": 23, "published": "2014-03-31T00:00:00", "title": "Cerberus FTP Server < 5.0.8.0 / 6.x < 6.0.7.0 Web Client Security Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-03-31T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_6_0_7.NASL", "href": "https://www.tenable.com/plugins/nessus/73270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73270);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_bugtraq_id(66322);\n\n script_name(english:\"Cerberus FTP Server < 5.0.8.0 / 6.x < 6.0.7.0 Web Client Security Bypass\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host is potentially\naffected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP Server on the remote host is a version\nprior to 5.0.8.0 or version 6.x prior to 6.0.7.0. As such, it is\npotentially affected by a security bypass vulnerability.\n\nAn authenticated attacker could obtain sensitive files via the HTTP/S\ninterface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cerberus FTP Server 5.0.8.0, 6.0.7.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"No CVE available: Information Disclosure\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/CerberusFTP/Installed\");\ninstalls = get_kb_list_or_exit(\"SMB/CerberusFTP/*/version\");\nkb_entry = branch(keys(installs));\nkb_base = kb_entry - \"/version\";\n\nver = get_kb_item_or_exit(kb_entry);\nfile_name = get_kb_item_or_exit(kb_base + \"/file\");\n\n# Extract path from KB name\nkb_pieces = split(kb_base, sep:\"/\");\nfile = kb_pieces[2] + \"\\\" + file_name;\n\n# Ensure Cerberus FTP Server HTTP/S is\n# actually running if not paranoid\nif (report_paranoia < 2)\n{\n www_is_alive = FALSE;\n foreach item (make_list(\"active_http\", \"active_https\"))\n if (get_kb_item(\"SMB/CerberusFTP/\" + item)) www_is_alive = TRUE;\n\n if (!www_is_alive) exit(0, \"The Cerberus FTP Server's Web Client does not appear to be enabled.\");\n}\n\nfix = FALSE;\n\n# 5.x and earlier\nif (ver_compare(ver:ver, fix:'5.0.8.0', strict:FALSE) < 0)\n fix = '5.0.8.0';\n\n# 6.x\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver, fix:'6.0.7.0', strict:FALSE) < 0)\n fix = '6.0.7.0';\n\nif (fix)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n' +\n '\\n File : ' + file +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Cerberus FTP Server\", ver, file);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP server on the remote host is earlier than\n5.0.6.0. As such, it is potentially affected by the following cross-\nsite scripting vulnerabilities :\n\n - The user-supplied input for fields under administration\n 'Messages' tab are not validated before being returned\n to the user.\n\n - The user-supplied input to the 'USER' FTP command is\n not validated before display in the administration\n logging page. \n\nA remote attacker could exploit these by tricking a user into requesting\na maliciously crafted URL, resulting in the execution of arbitrary\nscript code.", "edition": 25, "published": "2013-01-16T00:00:00", "title": "Cerberus FTP Server < 5.0.6.0 Multiple XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6339"], "modified": "2013-01-16T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_5_0_6.NASL", "href": "https://www.tenable.com/plugins/nessus/63560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63560);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2012-6339\");\n script_bugtraq_id(56906);\t\n\n script_name(english:\"Cerberus FTP Server < 5.0.6.0 Multiple XSS\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host has multiple\ncross-site scripting vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP server on the remote host is earlier than\n5.0.6.0. As such, it is potentially affected by the following cross-\nsite scripting vulnerabilities :\n\n - The user-supplied input for fields under administration\n 'Messages' tab are not validated before being returned\n to the user.\n\n - The user-supplied input to the 'USER' FTP command is\n not validated before display in the administration\n logging page. \n\nA remote attacker could exploit these by tricking a user into requesting\na maliciously crafted URL, resulting in the execution of arbitrary\nscript code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n # http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f90a2068\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cerberus FTP server 5.0.6.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-6339\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list(\"SMB/CerberusFTP/*/version\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n\nfixed = '5.0.6.0';\n\ninfo = \"\";\nnot_vuln_installs = make_list();\n\nforeach install (keys(installs))\n{\n ver = installs[install];\n path = (install - \"/version\") - \"SMB/CerberusFTP/\";;\n\n if (ver_compare(ver:ver, fix:fixed) < 0)\n {\n info +=\n '\\n' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fixed +\n '\\n';\n }\n else not_vuln_installs = make_list(not_vuln_installs, ver + \" under \" + path);\n}\n\nif (info)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n\n exit(0);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Cerberus FTP \" + not_vuln_installs[0]);\n else exit(0, \"The Cerberus FTP installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP server on the remote host is earlier than\n5.0.4.0. Such versions reportedly support the DES cipher for SSH\nsessions. This can create more favorable conditions for brute-force\nattacks on the encrypted network traffic.", "edition": 22, "published": "2013-01-16T00:00:00", "title": "Cerberus FTP Server < 5.0.4.0 SSH DES Cipher Weakness", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5301"], "modified": "2013-01-16T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_5_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/63558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63558);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2012-5301\");\n\n script_name(english:\"Cerberus FTP Server < 5.0.4.0 SSH DES Cipher Weakness\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host supports a weak\nencryption algorithm.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP server on the remote host is earlier than\n5.0.4.0. Such versions reportedly support the DES cipher for SSH\nsessions. This can create more favorable conditions for brute-force\nattacks on the encrypted network traffic.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cerberus FTP server 5.0.4.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5301\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list(\"SMB/CerberusFTP/*/version\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n\nfixed = '5.0.4.0';\n\ninfo = \"\";\nnot_vuln_installs = make_list();\n\nforeach install (keys(installs))\n{\n ver = installs[install];\n path = (install - \"/version\") - \"SMB/CerberusFTP/\";;\n\n if (ver_compare(ver:ver, fix:fixed) < 0)\n {\n info +=\n '\\n' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fixed +\n '\\n';\n }\n else not_vuln_installs = make_list(not_vuln_installs, ver + \" under \" + path);\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n\n exit(0);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Cerberus FTP \" + not_vuln_installs[0]);\n else exit(0, \"The Cerberus FTP installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP server on the remote host is earlier than\n5.0.5.0. As such, it is potentially affected by a cross-site request\nforgery (CSRF) vulnerability that can be used to trick an authenticated\nadministrator into making unintended changes to the application.", "edition": 23, "published": "2013-01-16T00:00:00", "title": "Cerberus FTP Server < 5.0.5.0 Cross-Site Request Forgery", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2999"], "modified": "2013-01-16T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_5_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/63559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63559);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2012-2999\");\n script_bugtraq_id(55788);\t\n script_xref(name:\"CERT\", value:\"989684\");\n\n script_name(english:\"Cerberus FTP Server < 5.0.5.0 Cross-Site Request Forgery\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host has a cross-site\nrequest forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP server on the remote host is earlier than\n5.0.5.0. As such, it is potentially affected by a cross-site request\nforgery (CSRF) vulnerability that can be used to trick an authenticated\nadministrator into making unintended changes to the application.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cerberus FTP server 5.0.5.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list(\"SMB/CerberusFTP/*/version\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n\nfixed = '5.0.5.0';\n\ninfo = \"\";\nnot_vuln_installs = make_list();\n\nforeach install (keys(installs))\n{\n ver = installs[install];\n path = (install - \"/version\") - \"SMB/CerberusFTP/\";;\n\n if (ver_compare(ver:ver, fix:fixed) < 0)\n {\n info +=\n '\\n' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fixed +\n '\\n';\n }\n else not_vuln_installs = make_list(not_vuln_installs, ver + \" under \" + path);\n}\n\nif (info)\n{\n set_kb_item(name:\"www/0/XSRF\", value:TRUE);\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n\n exit(0);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Cerberus FTP \" + not_vuln_installs[0]);\n else exit(0, \"The Cerberus FTP installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP server on the remote host is earlier than\n4.0.3.0. Such versions are potentially affected by a security bypass\nvulnerability. The 'MLSD' and 'MLST' commands list hidden files despite\nthe 'Display hidden files' option being disabled. A remote attacker,\npossibly uncredentialed, may be able to leverage this issue to enumerate\nhidden files on the affected system.", "edition": 24, "published": "2010-07-02T00:00:00", "title": "Cerberus FTP Server MLSD and MLST Command Hidden Files Security Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2769"], "modified": "2010-07-02T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_4_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/47588", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47588);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2004-2769\");\n script_bugtraq_id(41285);\n script_xref(name:\"Secunia\", value:\"40370\");\n\n script_name(english:\"Cerberus FTP Server MLSD and MLST Command Hidden Files Security Bypass\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host has a security\nbypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP server on the remote host is earlier than\n4.0.3.0. Such versions are potentially affected by a security bypass\nvulnerability. The 'MLSD' and 'MLST' commands list hidden files despite\nthe 'Display hidden files' option being disabled. A remote attacker,\npossibly uncredentialed, may be able to leverage this issue to enumerate\nhidden files on the affected system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/phpBB3/viewtopic.php?f=4&t=644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cerberus FTP server 4.0.3 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2004-2769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list(\"SMB/CerberusFTP/*/version\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n\nfixed = '4.0.3.0';\n\ninfo = \"\";\nnot_vuln_installs = make_list();\n\nforeach install (keys(installs))\n{\n ver = installs[install];\n path = (install - \"/version\") - \"SMB/CerberusFTP/\";;\n\n if (ver_compare(ver:ver, fix:fixed) < 0)\n {\n info +=\n '\\n' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fixed +\n '\\n';\n }\n else not_vuln_installs = make_list(not_vuln_installs, ver + \" under \" + path);\n}\n\nif (vuln_found)\n{\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n\n exit(0);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Cerberus FTP \" + not_vuln_installs[0]);\n else exit(0, \"The Cerberus FTP installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-10-16T21:21:35", "description": "The version of Cerberus FTP server on the remote host has a denial of\nservice vulnerability. Sending a very long argument (1400 bytes or\nmore) to any command causes the server to crash. This reportedly does\nnot result in memory corruption - the vulnerable versions abnormally\nterminate when a long argument is received (before any data is\nsuccessfully copied into the destination buffer). A remote attacker\ncould exploit this issue to cause a denial of service.", "edition": 22, "published": "2009-08-31T00:00:00", "title": "Cerberus FTP Server Command Processing DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2009-08-31T00:00:00", "cpe": ["cpe:/a:cerberusftp:ftp_server"], "id": "CERBERUS_FTP_3_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/40821", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(40821);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_bugtraq_id(36134);\n script_xref(name:\"EDB-ID\", value:\"9515\");\n script_xref(name:\"Secunia\", value:\"36456\");\n\n script_name(english:\"Cerberus FTP Server Command Processing DoS\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The FTP server installed on the remote Windows host has a denial of\nservice vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cerberus FTP server on the remote host has a denial of\nservice vulnerability. Sending a very long argument (1400 bytes or\nmore) to any command causes the server to crash. This reportedly does\nnot result in memory corruption - the vulnerable versions abnormally\nterminate when a long argument is received (before any data is\nsuccessfully copied into the destination buffer). A remote attacker\ncould exploit this issue to cause a denial of service.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cerberusftp.com/phpBB3/viewtopic.php?f=4&t=2411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cerberusftp.com/products/releasenotes/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cerberus FTP server 3.0.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"No CVE available: DoS\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cerberusftp:ftp_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2009-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cerberus_ftp_installed.nasl\");\n script_require_keys(\"SMB/CerberusFTP/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list(\"SMB/CerberusFTP/*/version\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n\nfixed = '3.0.2.0';\n\ninfo = \"\";\nnot_vuln_installs = make_list();\n\nforeach install (keys(installs))\n{\n ver = installs[install];\n path = (install - \"/version\") - \"SMB/CerberusFTP/\";;\n\n # Testing indicates this doesn't affect the 2.x branch. Version 3.0.0 is likely\n # affected, and 3.0.1 is definitely affected (per the developer)\n if (ver =~ \"3\\.\" && ver_compare(ver:ver, fix:fixed) < 0)\n {\n info +=\n '\\n' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fixed +\n '\\n';\n }\n else not_vuln_installs = make_list(not_vuln_installs, ver + \" under \" + path);\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n\n exit(0);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0) audit(AUDIT_NOT_INST, \"Cerberus FTP\");\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Cerberus FTP \" + not_vuln_installs[0]);\n else exit(0, \"The Cerberus FTP installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
