Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.CITADEL_FMT_STRING.NASL
HistoryDec 13, 2004 - 12:00 a.m.

Citadel/UX lprintf() Function Remote Format String

2004-12-1300:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The remote host is running Citadel/UX, a messaging server for Unix.

There is a format string issue in the remote version of this software.
A remote attacker could use this to crash the service, or execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(15942);

 script_cve_id("CVE-2004-1192");
 script_bugtraq_id(11885);
 script_xref(name:"Secunia", value:"13425");

 script_version("1.14");

 script_name(english:"Citadel/UX lprintf() Function Remote Format String");
 script_summary(english:"Checks the version of the remote Citadel server");

 script_set_attribute(
   attribute:"synopsis",
   value:"The remote BBS server has a format string vulnerability."
 );
 script_set_attribute( attribute:"description",  value:
"The remote host is running Citadel/UX, a messaging server for Unix.

There is a format string issue in the remote version of this software.
A remote attacker could use this to crash the service, or execute
arbitrary code." );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/2004/Dec/112"
 );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/2004/Dec/138"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to Citadel 6.28 or later."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/13");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/12");
 script_cvs_date("Date: 2018/11/15 20:50:22");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"Gain a shell remotely");
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 
 script_dependencies("citadel_overflow.nasl");
 script_require_ports("Services/citadel/ux", 504);
 exit(0);
}


port = get_kb_item("Services/citadel/ux");
if ( ! port ) port = 504;

kb = get_kb_item("citadel/" + port + "/version");
if ( ! kb ) exit(0);


version = egrep(pattern:"^Citadel(/UX)? ([0-5]\..*|6\.([0-1][0-9]|2[0-7])[^0-9])", string:kb);

if ( version )
	security_hole(port);

Related

cve 1
cve
cve
CVE-2004-1192
2005-01-10 05:00:00
JSON
Related for CITADEL_FMT_STRING.NASL
cve1