Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.DEBIAN_DSA-1190.NASL
HistoryOct 25, 2006 - 12:00 a.m.

Debian DSA-1190-1 : maxdb-7.5.00 - buffer overflow

2006-10-2500:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
56

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON

Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1190. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22904);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2006-4305");
  script_xref(name:"DSA", value:"1190");

  script_name(english:"Debian DSA-1190-1 : maxdb-7.5.00 - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Oliver Karow discovered that the WebDBM frontend of the MaxDB database
performs insufficient sanitising of requests passed to it, which might
lead to the execution of arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=386182"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1190"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the maxdb-7.5.00 package.

For the stable distribution (sarge) this problem has been fixed in
version 7.5.00.24-4."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MaxDB WebDBM Database Parameter Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:maxdb-7.5.00");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/25");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"libsqldbc7.5.00", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"libsqldbc7.5.00-dev", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"libsqlod7.5.00", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"libsqlod7.5.00-dev", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-dbanalyzer", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-dbmcli", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-loadercli", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-lserver", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-server", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-server-7.5.00", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-server-dbg-7.5.00", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-sqlcli", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"maxdb-webtools", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"python-maxdb", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"python-maxdb-loader", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"python2.3-maxdb", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"python2.3-maxdb-loader", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"python2.4-maxdb", reference:"7.5.00.24-4")) flag++;
if (deb_check(release:"3.1", prefix:"python2.4-maxdb-loader", reference:"7.5.00.24-4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxmaxdb-7.5.00p-cpe:/a:debian:debian_linux:maxdb-7.5.00
debiandebian_linux3.1cpe:/o:debian:debian_linux:3.1

Related

saint 4
nvd 1
checkpoint_advisories 1
ubuntucve 1
nessus 1
cvelist 1
openvas 2
osv 1
debian 1
securityvulns 1
packetstorm 1
cve 1
saint
saint
MySQL MaxDB WebDBM database name buffer overflow
2006-09-06 00:00:00
MySQL MaxDB WebDBM database name buffer overflow
2006-09-06 00:00:00
MySQL MaxDB WebDBM database name buffer overflow
2006-09-06 00:00:00
nvd
nvd
CVE-2006-4305
2006-08-30 01:04:00
checkpoint_advisories
checkpoint_advisories
MySQL MaxDB WebDBM Server Buffer Overflow (CVE-2006-4305)
2009-11-10 00:00:00
ubuntucve
ubuntucve
CVE-2006-4305
2006-08-30 00:00:00
nessus
nessus
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
2006-09-06 00:00:00
cvelist
cvelist
CVE-2006-4305
2006-08-30 01:00:00
openvas
openvas
Debian Security Advisory DSA 1190-1 (maxdb-7.5.00)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1190-1)
2008-01-17 00:00:00
osv
osv
maxdb-7.5.00
2006-10-04 00:00:00
debian
debian
[SECURITY] [DSA 1190-1] New maxdb-7.5.00 packages fix execution of arbitrary code
2006-10-04 19:41:32
securityvulns
securityvulns
SYMSA-2006-009
2006-08-30 00:00:00
packetstorm
packetstorm
MaxDB WebDBM Database Parameter Overflow
2009-10-30 00:00:00
cve
cve
CVE-2006-4305
2006-08-30 01:04:00

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON
Related for DEBIAN_DSA-1190.NASL
saint4nvd1checkpoint_advisories1ubuntucve1nessus1cvelist1openvas2osv1debian1securityvulns1packetstorm1cve1