The remote host is affected by the vulnerability described in GLSA-200705-17 (Apache mod_security: Rule bypass)
Stefan Esser discovered that mod_security processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers used in web applications do not.
Impact :
A remote attacker could send a specially crafted POST request, possibly bypassing the module ruleset and leading to the execution of arbitrary code in the scope of the web server with the rights of the user running the web server.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200705-17.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(25288);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-1359");
script_xref(name:"GLSA", value:"200705-17");
script_name(english:"GLSA-200705-17 : Apache mod_security: Rule bypass");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200705-17
(Apache mod_security: Rule bypass)
Stefan Esser discovered that mod_security processes NULL characters as
terminators in POST requests using the
application/x-www-form-urlencoded encoding type, while other parsers
used in web applications do not.
Impact :
A remote attacker could send a specially crafted POST request, possibly
bypassing the module ruleset and leading to the execution of arbitrary
code in the scope of the web server with the rights of the user running
the web server.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200705-17"
);
script_set_attribute(
attribute:"solution",
value:
"All mod_security users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apache/mod_security-2.1.1'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mod_security");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/21");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"www-apache/mod_security", unaffected:make_list("ge 2.1.1"), vulnerable:make_list("lt 2.1.1"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache mod_security");
}
Vendor | Product | Version | CPE |
---|---|---|---|
gentoo | linux | cpe:/o:gentoo:linux | |
gentoo | linux | mod_security | p-cpe:/a:gentoo:linux:mod_security |