Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.RUSERS_OUTPUT.NASL
HistoryAug 03, 2002 - 12:00 a.m.

RPC rusers Remote Information Disclosure

2002-08-0300:00:00
This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
471

0.077 Low

EPSS

Percentile

94.2%

JSON

The rusersd RPC service is running. It provides an attacker interesting information such as how often the system is being used, the names of the users, and more.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(11058);
 script_version("1.19");
 script_cvs_date("Date: 2018/08/13 14:32:37");

 script_cve_id("CVE-1999-0626");

 script_name(english:"RPC rusers Remote Information Disclosure");
 script_summary(english:"Checks the presence of a RPC service");

 script_set_attribute(attribute:"synopsis", value:"It is possible to enumerate logged in users.");
 script_set_attribute(attribute:"description", value:
"The rusersd RPC service is running.  It provides an attacker
interesting information such as how often the system is being used, the
names of the users, and more.");
 script_set_attribute(attribute:"solution", value:"Disable this service if not needed.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

 script_set_attribute(attribute:"vuln_publication_date", value:"1990/01/01");
 script_set_attribute(attribute:"plugin_publication_date", value:"2002/08/03");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"RPC");

 script_dependencie("rpc_portmap.nasl");
 script_require_keys("rpc/portmap");
 exit(0);
}

#
# The script code starts here
#

include("audit.inc");
include("sunrpc_func.inc");
include("data_protection.inc");

RPC_PROG = 100002;
RUSERSPROC_NAME = 0x02;

port = get_rpc_port2(program:RPC_PROG, protocol:IPPROTO_UDP);

if (! port) exit(0);
if (!get_udp_port_state(port)) audit(AUDIT_PORT_CLOSED, port, "UDP");

soc = open_sock_udp (port);
if (!soc) audit(AUDIT_SOCK_FAIL, port, "UDP");

 udp = TRUE;

 data = NULL;

 packet = rpc_packet (prog:RPC_PROG, vers:2, proc:RUSERSPROC_NAME, data:data, udp:udp);

 data = rpc_sendrecv (socket:soc, packet:packet, udp:udp);
 if (isnull(data) || (strlen(data) < 4))
   exit(0);

 register_stream(s:data);

 users = xdr_getdword();
 report = NULL;

 for (i=0; i<users; i++)
 {
  term = xdr_getstring();
  user = xdr_getstring();
  disp = xdr_getstring();

  xdr_getdword();
  xdr_getdword();

  user = data_protection::sanitize_user_enum(users:user);
  report += string (user, " (", term, ") from ", disp, "\n");
 }

 if (report)
 {
  report = string (
		"Using rusers, we could determine that the following users are logged in :\n\n",
		report
		);
  security_warning(port:port, proto:"udp", extra:report);
 }
 else
  security_warning(port:port, proto:"udp", extra:report);

Related

cvelist 1
cve 1
openvas 1
cvelist
cvelist
CVE-1999-0626
1999-09-29 04:00:00
cve
cve
CVE-1999-0626
1999-09-29 04:00:00
openvas
openvas
Nfs-utils 'rusersd' User Enumeration Vulnerability
2011-08-31 00:00:00

0.077 Low

EPSS

Percentile

94.2%

JSON
Related for RUSERS_OUTPUT.NASL
cvelist1cve1openvas1