Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-68.NASL
HistoryMar 26, 2015 - 12:00 a.m.

Debian DLA-68-1 : fex security update

2015-03-2600:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

[CVE-2014-3875]

When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website.

[CVE-2014-3876] The parameter akey is reflected unfiltered as part of the HTML page. Some characters are forbidden in the GET parameter due to filtering of the URL, but this can be circumvented by using a POST parameter. Nevertheless, this issue is exploitable via the GET parameter alone, with some user interaction.

[CVE-2014-3877] The parameter addto is reflected only slightly filtered back to the user as part of the HTML page. Some characters are forbidden in the GET parameter due to filtering of the URL, but this can be circumvented by using a POST parameter. Nevertheless, this issue is exploitable via the GET parameter alone, with some user interaction.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-68-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82213);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-3875", "CVE-2014-3876", "CVE-2014-3877");
  script_bugtraq_id(67783, 67785, 67788);

  script_name(english:"Debian DLA-68-1 : fex security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"[CVE-2014-3875]

When inserting encoded newline characters into a request to rup,
additional HTTP headers can be injected into the reply, as well as new
HTML code on the top of the website.

[CVE-2014-3876] The parameter akey is reflected unfiltered as part of
the HTML page. Some characters are forbidden in the GET parameter due
to filtering of the URL, but this can be circumvented by using a POST
parameter. Nevertheless, this issue is exploitable via the GET
parameter alone, with some user interaction.

[CVE-2014-3877] The parameter addto is reflected only slightly
filtered back to the user as part of the HTML page. Some characters
are forbidden in the GET parameter due to filtering of the URL, but
this can be circumvented by using a POST parameter. Nevertheless, this
issue is exploitable via the GET parameter alone, with some user
interaction.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2014/09/msg00025.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/fex"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected fex, and fex-utils packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fex");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fex-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"fex", reference:"20100208+debian1-1+squeeze4")) flag++;
if (deb_check(release:"6.0", prefix:"fex-utils", reference:"20100208+debian1-1+squeeze4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxfex-utilsp-cpe:/a:debian:debian_linux:fex-utils
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0
debiandebian_linuxfexp-cpe:/a:debian:debian_linux:fex

Related

openvas 2
packetstorm 1
securityvulns 2
osv 1
zdt 1
debian 1
cvelist 3
debiancve 3
cve 3
ubuntucve 3
prion 3
openvas
openvas
Frams&qt Fast File EXchange Multiple Vulnerabilities
2014-07-04 00:00:00
Debian: Security Advisory (DLA-68-1)
2023-03-08 00:00:00
packetstorm
packetstorm
F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
2014-06-03 00:00:00
securityvulns
securityvulns
LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues
2014-06-14 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-06-14 00:00:00
osv
osv
fex - security update
2014-09-30 00:00:00
zdt
zdt
F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
2014-06-05 00:00:00
debian
debian
[SECURITY] [DLA 68-1] fex security update
2014-09-30 20:47:01
cvelist
cvelist
CVE-2014-3876
2014-06-18 14:00:00
CVE-2014-3877
2014-06-18 14:00:00
CVE-2014-3875
2019-11-27 18:35:08
debiancve
debiancve
CVE-2014-3876
2014-06-18 14:55:00
CVE-2014-3875
2019-11-27 19:15:00
CVE-2014-3877
2014-06-18 14:55:00
cve
cve
CVE-2014-3876
2014-06-18 14:55:00
CVE-2014-3877
2014-06-18 14:55:00
CVE-2014-3875
2019-11-27 19:15:00
ubuntucve
ubuntucve
CVE-2014-3877
2014-06-18 00:00:00
CVE-2014-3875
2019-11-27 00:00:00
CVE-2014-3876
2014-06-18 00:00:00
prion
prion
Cross site scripting
2019-11-27 19:15:00
Cross site scripting
2014-06-18 14:55:00
Cross site scripting
2014-06-18 14:55:00
JSON
Related for DEBIAN_DLA-68.NASL
openvas2packetstorm1securityvulns2osv1zdt1debian1cvelist3debiancve3cve3ubuntucve3prion3