nessus | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. | GNAPSTER_GET_FILE.NASL
History: May 12, 2000 - 12:00 a.m.

Gnapster Absolute Path Name Request Arbitrary File Access

2000-05-12 00:00:00
This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
www.tenable.com
47

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.3%

An insecure Napster clone (e.g. Gnapster or Knapster) is running on the remote computer, which allows an intruder to read arbitrary files on this system, regardless of the shared status of the files.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Plugin registration block. It runs only when `description` is true, records
# the plugin metadata below and leaves through exit(0), so the network check
# further down is never reached from this branch.
if(description)
{
 # Plugin identity and revision.
 script_id(10408);
 script_version ("1.26");

 # External references for the flaw this plugin reports.
 script_cve_id("CVE-2000-0412");
 script_bugtraq_id(1186);

 script_name(english:"Gnapster Absolute Path Name Request Arbitrary File Access");
 script_summary(english:"Detect the presence of a Napster client clone");

 # NOTE(review): the synopsis and summary only mention that a P2P client is
 # present, while the description attribute and the check itself concern an
 # arbitrary file read. Someone triaging on the synopsis alone may under-rate
 # the finding.
 script_set_attribute(attribute:"synopsis", value:
"The remote host has a P2P file sharing application installed." );
 script_set_attribute(attribute:"description", value:
"An insecure Napster clone (e.g. Gnapster or Knapster) is running on
the remote computer, which allows an intruder to read arbitrary files
on this system, regardless of the shared status of the files." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/May/132" );
 # Remediation is given for Gnapster only; the description also names
 # Knapster, for which no fixed version is stated here.
 script_set_attribute(attribute:"solution", value:
"If this is Gnapster, upgrade to version 1.3.9 or later, as this
reportedly fixes the issue." );
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # partial impact on confidentiality, integrity and availability.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 # CVSS v2 temporal vector: proof-of-concept exploit, official fix, confirmed report.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2000/05/12");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/05/10");
 script_cvs_date("Date: 2018/11/15 20:50:24");
 # "remote": the finding comes from a network probe, not from local or
 # credentialed inspection of the host.
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 # Registered as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english:"Peer-To-Peer File Sharing");
 # Requires the "Services/napster" KB key and lists TCP 6699 as a candidate port.
 # find_service1.nasl is declared as a dependency; presumably it is what
 # populates "Services/napster" -- confirm against that script.
 script_require_keys("Services/napster");
 script_require_ports("Services/napster", 6699);
 script_dependencies("find_service1.nasl");
 exit(0);
}

#
# The script code starts here
#

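 # Check for CVE-2000-0412: ask the Napster-clone listener for a file by
 # absolute path and report the port when the reply contains a passwd-style
 # root entry, i.e. when a file outside the shared set was returned.

 # Port recorded in the KB by service detection; 6699 is the fallback that
 # script_require_ports() also lists.
 port = get_kb_item("Services/napster");
 if (!port) port = 6699;

 if (get_port_state(port))
 {
  soc = open_sock_tcp(port);
  if (soc)
  {
    # Read whatever the peer sends on connect; the value is not used.
    r = recv(socket:soc, length:1024);
    send(socket:soc, data:"GET");
    str = string("Nessus ", raw_string(0x22), "\\etc\\passwd", raw_string(0x22), " 9");
    send(socket:soc, data:str);
    r = recv(socket:soc, length:4096);
    # The socket is not needed once the reply is read, so release it before reporting.
    close(soc);
    # Require a full passwd-style root entry (root:<pw>:0:<gid 0 or 1>:) instead
    # of the bare substring "root:", which can also occur in banners, error
    # text or unrelated file content and would cause a false positive.
    # NOTE(review): only the first 4096 bytes of the reply are inspected, so
    # a root entry beyond that offset is not seen.
    if (r && egrep(pattern:"root:.*:0:[01]:", string:r))
    {
     security_hole(port);
    }
  }
 }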
