Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3942.NASL
HistoryAug 14, 2017 - 12:00 a.m.

Debian DSA-3942-1 : supervisor - security update

2017-08-1400:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as the same user as supervisord.

The vulnerability has been fixed by disabling nested namespace lookup entirely. supervisord will now only call methods on the object registered to handle XML-RPC requests and not any child objects it may contain, possibly breaking existing setups. No publicly available plugins are currently known that use nested namespaces. Plugins that use a single namespace will continue to work as before. Details can be found on the upstream issue at https://github.com/Supervisor/supervisor/issues/964 .

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3942. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(102449);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2017-11610");
  script_xref(name:"DSA", value:"3942");

  script_name(english:"Debian DSA-3942-1 : supervisor - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Calum Hutton reported that the XML-RPC server in supervisor, a system
for controlling process state, does not perform validation on
requested XML-RPC methods, allowing an authenticated client to send a
malicious XML-RPC request to supervisord that will run arbitrary shell
commands on the server as the same user as supervisord.

The vulnerability has been fixed by disabling nested namespace lookup
entirely. supervisord will now only call methods on the object
registered to handle XML-RPC requests and not any child objects it may
contain, possibly breaking existing setups. No publicly available
plugins are currently known that use nested namespaces. Plugins that
use a single namespace will continue to work as before. Details can be
found on the upstream issue at
https://github.com/Supervisor/supervisor/issues/964 ."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://github.com/Supervisor/supervisor/issues/964"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/supervisor"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/supervisor"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2017/dsa-3942"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the supervisor packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.0r1-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 3.3.1-1+deb9u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Supervisor XML-RPC Authenticated Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:supervisor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"supervisor", reference:"3.0r1-1+deb8u1")) flag++;
if (deb_check(release:"9.0", prefix:"supervisor", reference:"3.3.1-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"supervisor-doc", reference:"3.3.1-1+deb9u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxsupervisorp-cpe:/a:debian:debian_linux:supervisor
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

Related

prion 1
seebug 1
osv 5
veracode 2
fedora 3
cve 1
openvas 6
packetstorm 1
debian 3
github 1
debiancve 1
nessus 6
mageia 1
freebsd 1
gentoo 1
nuclei 1
zdt 1
redhatcve 1
ubuntucve 1
metasploit 1
alpinelinux 1
attackerkb 1
redhat 1
exploitdb 1
threatpost 1
myhack58 1
prion
prion
Cross site request forgery (csrf)
2017-08-23 14:29:00
seebug
seebug
Supervisor Authenticated Remote Code Execution(CVE-2017-11610)
2017-07-27 00:00:00
osv
osv
supervisor - security update
2017-07-31 00:00:00
PYSEC-2017-41
2017-08-23 14:29:00
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:19:14
Remote Code Execution (RCE)
2017-07-24 22:39:07
fedora
fedora
[SECURITY] Fedora 24 Update: supervisor-3.1.4-1.fc24
2017-08-07 20:18:38
[SECURITY] Fedora 25 Update: supervisor-3.2.4-1.fc25
2017-08-07 21:23:15
[SECURITY] Fedora 26 Update: supervisor-3.3.3-1.fc26
2017-08-07 17:22:19
cve
cve
CVE-2017-11610
2017-08-23 14:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0263)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3942-1)
2017-08-12 00:00:00
Debian: Security Advisory (DLA-1047-1)
2018-02-07 00:00:00
packetstorm
packetstorm
Supervisor XML-RPC Authenticated Remote Code Execution
2017-09-25 00:00:00
debian
debian
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
[SECURITY] [DLA 1047-1] supervisor security update
2017-07-31 12:59:48
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
github
github
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
debiancve
debiancve
CVE-2017-11610
2017-08-23 14:29:00
nessus
nessus
Fedora 25 : supervisor (2017-85eb9f7a36)
2017-08-09 00:00:00
Fedora 26 : supervisor (2017-307eab89e1)
2017-08-08 00:00:00
Debian DLA-1047-1 : supervisor security update
2017-08-01 00:00:00
mageia
mageia
Updated supervisor packages fix security vulnerability
2017-08-13 16:17:41
freebsd
freebsd
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
2017-07-24 00:00:00
gentoo
gentoo
Supervisor: command injection vulnerability
2017-09-17 00:00:00
nuclei
nuclei
XML-RPC Server - Remote Code Execution
2021-11-15 23:27:25
zdt
zdt
Supervisor XML-RPC Authenticated Remote Code Execution Exploit
2017-09-25 00:00:00
redhatcve
redhatcve
CVE-2017-11610
2017-07-28 07:19:44
ubuntucve
ubuntucve
CVE-2017-11610
2017-08-23 00:00:00
metasploit
metasploit
Supervisor XML-RPC Authenticated Remote Code Execution
2017-08-30 02:10:46
alpinelinux
alpinelinux
CVE-2017-11610
2017-08-23 14:29:00
attackerkb
attackerkb
CVE-2017-11610
2017-08-23 00:00:00
redhat
redhat
(RHSA-2017:3005) Important: Red Hat CloudForms security, bug fix, and enhancement update
2017-10-24 00:00:47
exploitdb
exploitdb
Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)
2017-09-25 00:00:00
threatpost
threatpost
Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41:40
myhack58
myhack58
Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net
2019-03-12 00:00:00
JSON
Related for DEBIAN_DSA-3942.NASL
prion1seebug1osv5veracode2fedora3cve1openvas6packetstorm1debian3github1debiancve1nessus6mageia1freebsd1gentoo1nuclei1zdt1redhatcve1ubuntucve1metasploit1alpinelinux1attackerkb1redhat1exploitdb1threatpost1myhack581