{"id": "FEDORA_2008-3220.NASL", "bulletinFamily": "scanner", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-04-25T00:00:00", "modified": "2016-12-08T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "type": "nessus", "lastseen": "2019-02-21T01:10:53", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {}, "hash": "34f32bfb39d64820b47b4657beca23c40a54299200db9d2db8593ca06e21585e", "hashmap": [{"hash": "2f0b60f2df94d74d5c102ecb12d1c3e7", "key": "references"}, {"hash": "a01f5d5486e7ba23cf360ce8155d1ca1", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "modified"}, {"hash": "4035bb63b3038a0778fdb3768527e948", "key": "description"}, {"hash": "f3a3d61b07332233ac57e4f232725e18", "key": "pluginID"}, {"hash": "06d124e1d14d0213ca180a4b8ec0dfe0", "key": "cvelist"}, {"hash": "0c13e3ba9348dd2d72ee4063b0ffbd16", "key": "sourceData"}, {"hash": "00a236303b1db5c592310bf19f5b2293", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4c3bbef20008b9e3105ec23c7fa2b55", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "id": "FEDORA_2008-3220.NASL", "lastseen": "2016-12-09T05:34:55", "modified": "2016-12-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "32037", "published": "2008-04-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-12-09T05:34:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:fedora-ds-admin"], "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97676b5dd5598399b385435685061815d612401a0134de302e5f8e97a3beea2a", "hashmap": [{"hash": "2f0b60f2df94d74d5c102ecb12d1c3e7", "key": "references"}, {"hash": "a01f5d5486e7ba23cf360ce8155d1ca1", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "modified"}, {"hash": "4035bb63b3038a0778fdb3768527e948", "key": "description"}, {"hash": "267e930787c7a1bac5fbc3572627e517", "key": "cpe"}, {"hash": "f3a3d61b07332233ac57e4f232725e18", "key": "pluginID"}, {"hash": "06d124e1d14d0213ca180a4b8ec0dfe0", "key": "cvelist"}, {"hash": "0c13e3ba9348dd2d72ee4063b0ffbd16", "key": "sourceData"}, {"hash": "00a236303b1db5c592310bf19f5b2293", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4c3bbef20008b9e3105ec23c7fa2b55", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "id": "FEDORA_2008-3220.NASL", "lastseen": "2018-09-01T23:44:34", "modified": "2016-12-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "32037", "published": "2008-04-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:44:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:fedora-ds-admin"], "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1afb6abaea4503a79f181e6787054c653c5e40a9dd6a4dd7b8952552288f3e15", "hashmap": [{"hash": "2f0b60f2df94d74d5c102ecb12d1c3e7", "key": "references"}, {"hash": "a01f5d5486e7ba23cf360ce8155d1ca1", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "modified"}, {"hash": "4035bb63b3038a0778fdb3768527e948", "key": "description"}, {"hash": "267e930787c7a1bac5fbc3572627e517", "key": "cpe"}, {"hash": "f3a3d61b07332233ac57e4f232725e18", "key": "pluginID"}, {"hash": "06d124e1d14d0213ca180a4b8ec0dfe0", "key": "cvelist"}, {"hash": "0c13e3ba9348dd2d72ee4063b0ffbd16", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00a236303b1db5c592310bf19f5b2293", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4c3bbef20008b9e3105ec23c7fa2b55", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "id": "FEDORA_2008-3220.NASL", "lastseen": "2018-08-30T19:38:11", "modified": "2016-12-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "32037", "published": "2008-04-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:38:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:fedora-ds-admin"], "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:08:16", "references": [{"idList": ["RHSA-2008:0201"], "type": "redhat"}, {"idList": ["RH_DIRSERV_REMOTE_CMD_EXEC.NASL", "FEDORA_2008-3214.NASL"], "type": "nessus"}, {"idList": ["D2SEC_DSADMIN"], "type": "d2"}, {"idList": ["OPENVAS:835174", "OPENVAS:860690", "OPENVAS:1361412562310835174", "OPENVAS:860520"], "type": "openvas"}, {"idList": ["CVE-2008-0892", "CVE-2008-0893"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "f8fae8c1e5129f14e772a9ba2e1225c2e9ad40bae96f856fe2e8b0a33b1068f3", "hashmap": [{"hash": "2f0b60f2df94d74d5c102ecb12d1c3e7", "key": "references"}, {"hash": "a01f5d5486e7ba23cf360ce8155d1ca1", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "modified"}, {"hash": "267e930787c7a1bac5fbc3572627e517", "key": "cpe"}, {"hash": "f3a3d61b07332233ac57e4f232725e18", "key": "pluginID"}, {"hash": "06d124e1d14d0213ca180a4b8ec0dfe0", "key": "cvelist"}, {"hash": "0c13e3ba9348dd2d72ee4063b0ffbd16", "key": "sourceData"}, {"hash": "00a236303b1db5c592310bf19f5b2293", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4c3bbef20008b9e3105ec23c7fa2b55", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "d57350f72dae002d0aebefbf806e59c9", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "id": "FEDORA_2008-3220.NASL", "lastseen": "2019-01-16T20:08:16", "modified": "2016-12-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "32037", "published": "2008-04-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:08:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:fedora-ds-admin"], "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97676b5dd5598399b385435685061815d612401a0134de302e5f8e97a3beea2a", "hashmap": [{"hash": "2f0b60f2df94d74d5c102ecb12d1c3e7", "key": "references"}, {"hash": "a01f5d5486e7ba23cf360ce8155d1ca1", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "modified"}, {"hash": "4035bb63b3038a0778fdb3768527e948", "key": "description"}, {"hash": "267e930787c7a1bac5fbc3572627e517", "key": "cpe"}, {"hash": "f3a3d61b07332233ac57e4f232725e18", "key": "pluginID"}, {"hash": "06d124e1d14d0213ca180a4b8ec0dfe0", "key": "cvelist"}, {"hash": "0c13e3ba9348dd2d72ee4063b0ffbd16", "key": "sourceData"}, {"hash": "00a236303b1db5c592310bf19f5b2293", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4c3bbef20008b9e3105ec23c7fa2b55", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "id": "FEDORA_2008-3220.NASL", "lastseen": "2017-10-29T13:37:32", "modified": "2016-12-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "32037", "published": "2008-04-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:37:32"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2008-0892", "CVE-2008-0893"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "hash": "9de951da4be5ecb4c283b68e60b71f5c94c66bdd0aaeb848a087a3e7448a3169", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "2f0b60f2df94d74d5c102ecb12d1c3e7", "key": "references"}, {"hash": "a01f5d5486e7ba23cf360ce8155d1ca1", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4035bb63b3038a0778fdb3768527e948", "key": "description"}, {"hash": "8e27e37efafc468de5e2af65dc4e04a3", "key": "sourceData"}, {"hash": "f3a3d61b07332233ac57e4f232725e18", "key": "pluginID"}, {"hash": "06d124e1d14d0213ca180a4b8ec0dfe0", "key": "cvelist"}, {"hash": "00a236303b1db5c592310bf19f5b2293", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4c3bbef20008b9e3105ec23c7fa2b55", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32037", "id": "FEDORA_2008-3220.NASL", "lastseen": "2016-09-26T17:24:24", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "32037", "published": "2008-04-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=437301", "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "http://www.nessus.org/u?48c04c5f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:39 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "title": "Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:24:24"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "267e930787c7a1bac5fbc3572627e517"}, {"key": "cvelist", "hash": "06d124e1d14d0213ca180a4b8ec0dfe0"}, {"key": "cvss", "hash": "4ea840ff73b6affb0ff1787d26923e0e"}, {"key": "description", "hash": "4035bb63b3038a0778fdb3768527e948"}, {"key": "href", "hash": "c4c3bbef20008b9e3105ec23c7fa2b55"}, {"key": "modified", "hash": "f73a7def4acb756ae33e8fc8d23622eb"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "f3a3d61b07332233ac57e4f232725e18"}, {"key": "published", "hash": "a01f5d5486e7ba23cf360ce8155d1ca1"}, {"key": "references", "hash": "2f0b60f2df94d74d5c102ecb12d1c3e7"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0c13e3ba9348dd2d72ee4063b0ffbd16"}, {"key": "title", "hash": "00a236303b1db5c592310bf19f5b2293"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "97676b5dd5598399b385435685061815d612401a0134de302e5f8e97a3beea2a", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0893", "CVE-2008-0892"]}, {"type": "openvas", "idList": ["OPENVAS:860520", "OPENVAS:860690", "OPENVAS:835174", "OPENVAS:1361412562310835174"]}, {"type": "nessus", "idList": ["FEDORA_2008-3214.NASL", "RH_DIRSERV_REMOTE_CMD_EXEC.NASL"]}, {"type": "redhat", "idList": ["RHSA-2008:0201"]}, {"type": "d2", "idList": ["D2SEC_DSADMIN"]}], "modified": "2019-02-21T01:10:53"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3220.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32037);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3220\");\n\n script_name(english:\"Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009411.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48c04c5f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fedora-ds-admin-1.1.4-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "32037", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:fedora-ds-admin"], "scheme": null}

{"cve": [{"lastseen": "2017-08-08T11:24:31", "bulletinFamily": "NVD", "description": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.", "modified": "2017-08-07T21:29:45", "published": "2008-04-16T14:05:00", "id": "CVE-2008-0893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0893", "title": "CVE-2008-0893", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:11:55", "bulletinFamily": "NVD", "description": "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.", "modified": "2018-10-30T12:26:21", "published": "2008-04-16T14:05:00", "id": "CVE-2008-0892", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0892", "title": "CVE-2008-0892", "type": "cve", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:18", "bulletinFamily": "scanner", "description": "Check for the Version of fedora-ds-admin", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860520", "id": "OPENVAS:860520", "title": "Fedora Update for fedora-ds-admin FEDORA-2008-3214", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fedora-ds-admin FEDORA-2008-3214\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"fedora-ds-admin on Fedora 7\";\ntag_insight = \"Fedora Administration Server is an HTTP agent that provides management features\n for Fedora Directory Server. It provides some management web apps that can\n be used through a web browser. It provides the authentication, access control,\n and CGI utilities used by the console.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html\");\n script_id(860520);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3214\");\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_name( \"Fedora Update for fedora-ds-admin FEDORA-2008-3214\");\n\n script_summary(\"Check for the Version of fedora-ds-admin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"fedora-ds-admin\", rpm:\"fedora-ds-admin~1.1.4~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:29", "bulletinFamily": "scanner", "description": "Check for the Version of fedora-ds-admin", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860690", "id": "OPENVAS:860690", "title": "Fedora Update for fedora-ds-admin FEDORA-2008-3220", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fedora-ds-admin FEDORA-2008-3220\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"fedora-ds-admin on Fedora 8\";\ntag_insight = \"Fedora Administration Server is an HTTP agent that provides management features\n for Fedora Directory Server. It provides some management web apps that can\n be used through a web browser. It provides the authentication, access control,\n and CGI utilities used by the console.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html\");\n script_id(860690);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3220\");\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_name( \"Fedora Update for fedora-ds-admin FEDORA-2008-3220\");\n\n script_summary(\"Check for the Version of fedora-ds-admin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"fedora-ds-admin\", rpm:\"fedora-ds-admin~1.1.4~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:45", "bulletinFamily": "scanner", "description": "Check for the Version of Netscape Directory Server (NDS)", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835174", "id": "OPENVAS:1361412562310835174", "type": "openvas", "title": "HP-UX Update for Netscape Directory Server (NDS) HPSBUX02324", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Netscape Directory Server (NDS) HPSBUX02324\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Local gain extended privileges.\";\ntag_affected = \"Netscape Directory Server (NDS) on\n HP-UX B.11.11, B.11.23, and B.11.31 running Netscape Directory Server (NDS) \n vB.06.21.40 or earlier and vB.07.10.40 or earlier.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Netscape Directory Server (NDS). The vulnerability could be used locally to \n gain extended privileges.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01433676-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835174\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02324\");\n script_cve_id(\"CVE-2008-0892\");\n script_name( \"HP-UX Update for Netscape Directory Server (NDS) HPSBUX02324\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Netscape Directory Server (NDS)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-ADM\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BASE\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSJRE\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NC\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NSPERL\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-PERLDAP\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-RUN\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLAPD\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SVCORE\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-ADM\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BASE\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSJRE\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NC\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NSPERL\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-PERLDAP\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-RUN\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLAPD\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SVCORE\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-ADM\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BASE\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSJRE\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NC\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NSPERL\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-PERLDAP\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-RUN\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLAPD\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SVCORE\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-ADM\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BASE\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSJRE\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NC\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NSPERL\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-PERLDAP\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-RUN\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLAPD\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SVCORE\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-ADM\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BASE\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSJRE\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NC\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NSPERL\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-PERLDAP\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-RUN\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLAPD\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SVCORE\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-ADM\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BASE\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSJRE\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NC\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NSPERL\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-PERLDAP\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-RUN\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLAPD\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SVCORE\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:13", "bulletinFamily": "scanner", "description": "Check for the Version of Netscape Directory Server (NDS)", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835174", "id": "OPENVAS:835174", "title": "HP-UX Update for Netscape Directory Server (NDS) HPSBUX02324", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Netscape Directory Server (NDS) HPSBUX02324\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Local gain extended privileges.\";\ntag_affected = \"Netscape Directory Server (NDS) on\n HP-UX B.11.11, B.11.23, and B.11.31 running Netscape Directory Server (NDS) \n vB.06.21.40 or earlier and vB.07.10.40 or earlier.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Netscape Directory Server (NDS). The vulnerability could be used locally to \n gain extended privileges.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01433676-1\");\n script_id(835174);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02324\");\n script_cve_id(\"CVE-2008-0892\");\n script_name( \"HP-UX Update for Netscape Directory Server (NDS) HPSBUX02324\");\n\n script_summary(\"Check for the Version of Netscape Directory Server (NDS)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-ADM\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BASE\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSJRE\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NC\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NSPERL\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-PERLDAP\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-RUN\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLAPD\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SVCORE\", revision:\"B.07.10.40\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-ADM\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BASE\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSJRE\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NC\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NSPERL\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-PERLDAP\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-RUN\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLAPD\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SVCORE\", revision:\"B.06.21.60\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-ADM\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BASE\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSJRE\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NC\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NSPERL\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-PERLDAP\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-RUN\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLAPD\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SVCORE\", revision:\"B.07.10.40\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-ADM\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BASE\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSJRE\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NC\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NSPERL\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-PERLDAP\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-RUN\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLAPD\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SVCORE\", revision:\"B.06.21.60\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-ADM\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BASE\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-BSJRE\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NC\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-NSPERL\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-PERLDAP\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-RUN\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLAPD\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SLCLNT\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr7.NDS-SVCORE\", revision:\"B.07.10.40\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-ADM\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BASE\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-BSJRE\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NC\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-NSPERL\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-PERLDAP\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-RUN\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLAPD\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SLCLNT\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NetscapeDirSvr6.NDS-SVCORE\", revision:\"B.06.21.60\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:10:53", "bulletinFamily": "scanner", "description": "This release addresses two security vulerabilities in the package: - shell command injection in CGI replication monitor (CVE-2008-0892) - unrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it 'includes' that script (using perl import).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2008-3214.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32036", "published": "2008-04-25T00:00:00", "title": "Fedora 7 : fedora-ds-admin-1.1.4-1.fc7 (2008-3214)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3214.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32036);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-0892\", \"CVE-2008-0893\");\n script_xref(name:\"FEDORA\", value:\"2008-3214\");\n\n script_name(english:\"Fedora 7 : fedora-ds-admin-1.1.4-1.fc7 (2008-3214)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release addresses two security vulerabilities in the package: -\nshell command injection in CGI replication monitor (CVE-2008-0892) -\nunrestricted access to CGI scripts (CVE-2008-0893) Fix Description:\nRemove ScriptAlias for bin/admin/admin/bin - do not use that directory\nfor CGI URIs - use only protected URIs for CGIs requiring\nauthentication Remove most CGI parameters from repl-monitor-cgi.pl -\nuser must supply replmon.conf in the admin server config directory\ninstead of passing in this pathname - repl-monitor-cgi.pl does not use\nsystem to call repl-monitor.pl, it 'includes' that script (using perl\nimport).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=437320\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009405.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11d70b74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fedora-ds-admin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fedora-ds-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"fedora-ds-admin-1.1.4-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fedora-ds-admin\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:53", "bulletinFamily": "scanner", "description": "The remote host is running RedHat or Fedora Directory Server Admin Service. \n\nThe version of this software installed on the remote host is vulnerable to remote command execution flaw through the argument 'admurl' of the script '/bin/admin/admin/bin/download'. A malicious user could exploit this flaw to execute arbitrary commands on the remote host.", "modified": "2018-07-27T00:00:00", "id": "RH_DIRSERV_REMOTE_CMD_EXEC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32032", "published": "2008-04-23T00:00:00", "title": "Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(32032);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2008-0892\",\"CVE-2008-0893\");\n script_bugtraq_id(28802);\n script_xref(name:\"RHSA\", value:\"2008:0199\");\n script_xref(name:\"RHSA\", value:\"2008:0201\");\n \n script_name(english:\"Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI script that is prone to arbitrary\ncommand execution.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running RedHat or Fedora Directory Server Admin\nService. \n\nThe version of this software installed on the remote host is\nvulnerable to remote command execution flaw through the argument\n'admurl' of the script '/bin/admin/admin/bin/download'. A malicious\nuser could exploit this flaw to execute arbitrary commands on the\nremote host.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ds-admin 1.1.4 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 264);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/04/23\");\n script_cvs_date(\"Date: 2018/07/27 18:38:14\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_summary(english:\"Checks for RedHat/Fedora Directory Server repl-monitor-cgi.pl remote command execution flaw\");\n \n script_category(ACT_ATTACK);\n \n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 9830);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nbanner = get_http_banner(port:9830);\nif (\"Server: Apache\" >!< banner) exit(0);\n\nhttp_check_remote_code (\n default_port:9830,\n\t\t\tunique_dir:\"/dist\",\n\t\t\tcheck_request:'/repl-monitor-cgi.pl?admurl=toto&plop=\";id;\"',\n\t\t\textra_check:\"<p>Error: Missing configuration file.\",\n\t\t\tcheck_result:\"uid=[0-9]+.*gid=[0-9]+.*\",\n\t\t\tcommand:\"id\"\n\t\t\t);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:22", "bulletinFamily": "unix", "description": "Red Hat Administration Server is an HTTP agent that provides management\r\nfeatures for Red Hat Directory Server, an LDAPv3 compliant server.\r\n\r\nA shell command injection flaw was discovered in the Red Hat Administration\r\nServer replication monitor CGI script used by Red Hat Directory Server 8.0.\r\nAn attacker with access to the replication monitor web page could execute\r\narbitrary shell commands with the privileges of the Administration Server.\r\nPlease Note: by default, the Red Hat Administration Server is run as the\r\nunprivileged user, \"nobody\". (CVE-2008-0892)\r\n\r\nIt was discovered that the Red Hat Administration Server did to properly\r\nrestrict access to CGI scripts. An unauthenticated remote user with access\r\nto the TCP port used by the Administration Server could access information\r\nor perform certain tasks that should have been restricted to Directory\r\nServer administrative users. Please note: by default the Red Hat\r\nAdministration Server uses port 9830, although this can be changed by the\r\nRed Hat Directory Server administrator. (CVE-2008-0893)\r\n\r\nIn combination, these two flaws allowed an unauthenticated remote attacker\r\nable to access the Red Hat Administration Server TCP port to run arbitrary\r\ncode as the user \"nobody\".\r\n\r\nAll users of Red Hat Directory Server should upgrade to this updated\r\npackage, which addresses these vulnerabilities.\r\n", "modified": "2017-09-08T12:08:08", "published": "2008-04-15T04:00:00", "id": "RHSA-2008:0201", "href": "https://access.redhat.com/errata/RHSA-2008:0201", "type": "redhat", "title": "(RHSA-2008:0201) Critical: redhat-ds-admin security update", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "d2": [{"lastseen": "2016-09-25T14:10:51", "bulletinFamily": "exploit", "description": "**Name**| d2sec_dsadmin \n---|--- \n**CVE**| CVE-2008-0892 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| RedHat Administration Server Exploit \n**Notes**| \n", "modified": "2008-04-16T14:05:00", "published": "2008-04-16T14:05:00", "id": "D2SEC_DSADMIN", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_dsadmin", "title": "DSquare Exploit Pack: D2SEC_DSADMIN", "type": "d2", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}