Lucene search
K

Rocket Software UniData < 7.3 unidata72 Remote Command Execution (credentialed check)

🗓️ 20 Jun 2012 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 17 Views

Rocket Software UniData version < 7.3 Remote Command Executio

Refs
Code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(59607);
  script_version("1.7");
  script_cvs_date("Date: 2018/08/08 12:52:15");

  script_bugtraq_id(53974);
  script_xref(name:"TRA", value:"TRA-2012-05");

  script_name(english:"Rocket Software UniData < 7.3 unidata72 Remote Command Execution (credentialed check)");
  script_summary(english:"Checks version of UniData");

  script_set_attribute(attribute:"synopsis", value:
"An RPC service on the remote Windows host allows commands to be run
without authentication.");

  script_set_attribute(attribute:"description", value:
"The version of UniData installed on the remote Windows host is
potentially affected by a code execution vulnerability.  The UniData
RPC service fails to enforce authentication on the unidata72
interface. 

An unauthenticated, remote attacker can exploit this vulnerability to
execute arbitrary code on the remote host with SYSTEM level
privileges.");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-05");
  script_set_attribute(attribute:"see_also", value:"https://www.usploit.com/index.php?advisories/view/UPS-2012-0012");
  script_set_attribute(attribute:"solution", value:"Upgrade to UniData 7.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:rocketsoftware:unidata");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("rocketsoftware_unidata_detect.nasl");
  script_require_keys("SMB/RocketSoftware/UniData/installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/RocketSoftware/UniData/installed');
installs = get_kb_list('SMB/RocketSoftware/UniData/*/path');
if (isnull(installs)) exit(1, 'The SMB/RocketSoftware/UniData/*/path KB list is missing.');

vuln = 0;
report = '';
foreach item (keys(installs))
{
  ver = item - 'SMB/RocketSoftware/UniData/';
  ver = ver - '/path';
  ver = split(ver, sep:'.', keep:FALSE);

  version = ver[0] + '.' + ver[1] + '.' + ver[2];
  if (ver_compare(ver:version, fix:'7.3', strict:FALSE) == -1)
  {
    vuln++;
   
    path = installs[item];
    if (isnull(path)) path = 'n/a';

    report = 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 7.3\n';
  }
}

if (vuln)
{
  if (report_verbosity > 0)
  {
    if (vuln > 1) s = 's of Rocket Software UniData were found ';
    else s = ' of Rocket Software UniData was found ';

    report = 
      '\n  The following vulnerable install' + s + 'on the' +
      '\n  remote host :' +
      '\n' + 
      report + '\n';
    security_hole(port:get_kb_item('SMB/transport'), extra:report);
  }
  else security_hole(port:get_kb_item('SMB/transport'));
  exit(0);
}
else exit(0, 'No vulnerable installs of Rocket Software were detected on the remote host.');

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Aug 2018 12:52Current
6.5Medium risk
Vulners AI Score6.5
17