nessus | This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | DEBIAN_DSA-1930.NASL
History: Feb 24, 2010 - 12:00 a.m.

Debian DSA-1930-1 : drupal6 - several vulnerabilities

2010-02-2400:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.003

Percentile

68.8%

Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2009-2372 Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for a user to inject arbitrary code via a crafted user signature.
    (SA-CORE-2009-007)

  • CVE-2009-2373 Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site scripting issue in the forum module, which could be exploited via the tid parameter.
    (SA-CORE-2009-007)

  • CVE-2009-2374 Sumit Datta discovered that certain drupal6 pages leak sensitive information such as user credentials.
    (SA-CORE-2009-007)

Several design flaws in the OpenID module, which could lead to cross-site request forgeries or privilege escalations, have been fixed. Also, the file upload function does not process all extensions properly, which could lead to the execution of arbitrary code.
(SA-CORE-2009-008)

The oldstable distribution (etch) does not contain drupal6.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1930. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script leaves through the
# exit(0) at the end of this block, before any host data is examined.
if (description)
{
  script_id(44795);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # Only the three SA-CORE-2009-007 issues carry CVE ids here. The OpenID and
  # file-upload fixes that the description attributes to SA-CORE-2009-008 have
  # no CVE id registered in this plugin, so filtering scan results by CVE will
  # not surface them even though the same package update addresses them.
  script_cve_id("CVE-2009-2372", "CVE-2009-2373", "CVE-2009-2374");
  script_bugtraq_id(35548);
  script_xref(name:"DSA", value:"1930");

  script_name(english:"Debian DSA-1930-1 : drupal6 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  # Advisory text as shown in the scan report (taken from DSA-1930 per the
  # file header). It is a runtime string; do not reflow it.
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been found in drupal6, a fully-featured
content management framework. The Common Vulnerabilities and Exposures
project identifies the following problems :

  - CVE-2009-2372
    Gerhard Killesreiter discovered a flaw in the way user
    signatures are handled. It is possible for a user to
    inject arbitrary code via a crafted user signature.
    (SA-CORE-2009-007)

  - CVE-2009-2373
    Mark Piper, Sven Herrmann and Brandon Knight discovered
    a cross-site scripting issue in the forum module, which
    could be exploited via the tid parameter.
    (SA-CORE-2009-007)

  - CVE-2009-2374
    Sumit Datta discovered that certain drupal6 pages leak
    sensitive information such as user credentials.
    (SA-CORE-2009-007)

Several design flaws in the OpenID module have been fixed, which could
lead to cross-site request forgeries or privilege escalations. Also,
the file upload function does not process all extensions properly
leading to the possible execution of arbitrary code.
(SA-CORE-2009-008)

The oldstable distribution (etch) does not contain drupal6."
  );
  # References: two Debian bug reports, the security-tracker entry for each
  # registered CVE, and the advisory page itself.
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2373"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1930"
  );
  # Remediation text; the fixed version named here is the same string the
  # run-time check passes to deb_check() as its reference.
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the drupal6 packages.

For the stable distribution (lenny), these problems have been fixed in
version 6.6-3lenny3."
  );
  # CVSS v2 base vector: network reachable, low complexity, and Au:S, i.e. the
  # scored attack needs a single authenticated session; partial impact on
  # confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  # Temporal vector: functional exploit code (E:F), official fix available
  # (RL:OF), report confirmed (RC:C). Together with the exploit_* attributes
  # below this is a reason to prioritise the update on hosts that have
  # self-registered or otherwise low-trust accounts.
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  # CWE-79 (cross-site scripting), CWE-94 (code injection) and CWE-255
  # (credentials management); these appear to map onto the forum XSS, the
  # signature injection and the credential leak described above.
  script_cwe_id(79, 94, 255);

  # "local" check: per script_summary and the required KB keys below, the
  # verdict comes from the host's dpkg package list, not from probing the web
  # application. A finding therefore means "vulnerable package installed"; it
  # does not show whether the site is reachable or the affected modules are on.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:drupal6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # The three KB keys are prerequisites for running this plugin; they are
  # presumably filled in by ssh_get_info.nasl from an authenticated login
  # (confirm in that script). Without credentialed scanning this check stays
  # silent, which must not be read as "host is patched".
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions for a local package check. Each audit() call records why the
# plugin did not produce a verdict (local checks off, host not Debian, no
# package list collected), so a missing finding can be told apart from a
# patched host in the audit trail.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);


# Single comparison: drupal6 on Debian release 5.0 against the fixed version
# 6.6-3lenny3 from the advisory. This is a package-version test only; it does
# not look at the Drupal configuration, enabled modules or site exposure, and
# a copy of Drupal installed outside dpkg is not covered by it.
outdated = 0;
if (deb_check(release:"5.0", prefix:"drupal6", reference:"6.6-3lenny3"))
  outdated = 1;

if (!outdated)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  # Report on port 0 (host-level finding); the package details from
  # deb_report_get() are attached only when report verbosity is above 0.
  if (report_verbosity > 0)
    security_warning(port:0, extra:deb_report_get());
  else
    security_warning(0);
  exit(0);
}
Vendor | Product | Version | CPE
debian | debian_linux | drupal6 | p-cpe:/a:debian:debian_linux:drupal6
debian | debian_linux | 5.0 | cpe:/o:debian:debian_linux:5.0

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.003

Percentile

68.8%