Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.TANNED_FORMAT_STRING.NASL
HistoryMar 28, 2003 - 12:00 a.m.

Tanne netzio.c logger Function Remote Format String

2003-03-2800:00:00
This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
www.tenable.com
9

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.077 Low

EPSS

Percentile

94.2%

JSON

The remote tanned server contains a format string vulnerability. An attacker may use this flaw to gain a shell on this host.

#
# (C) Tenable Network Security, Inc.
#

# Ref:
# From: "dong-h0un yoU" <[email protected]>
# To: [email protected]
# Date: Tue, 07 Jan 2003 16:59:11 +0800
# Subject: [VulnWatch] [INetCop Security Advisory] Remote format string vulnerability in
#    Tanne.

include("compat.inc");

if (description)
{
 script_id(11495);
 script_version("1.21");
 script_cvs_date("Date: 2018/11/15 20:50:22");

 script_cve_id("CVE-2003-1236");
 script_bugtraq_id(6553);

 script_name(english:"Tanne netzio.c logger Function Remote Format String");
 script_summary(english:"Sends a format string to the remote host");

 script_set_attribute(attribute:"synopsis", value:"The remote service is affected by a format string vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote tanned server contains a format string vulnerability. An
attacker may use this flaw to gain a shell on this host.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/vulnwatch/2003/q1/12");
 script_set_attribute(attribute:"solution", value:"Upgrade to tanned 0.7.1 or disable this service.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/28");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_DESTRUCTIVE_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Gain a shell remotely");

 script_require_keys("Settings/ParanoidReport");
 script_require_ports(14002, "Services/tanned");

 exit(0);
}

include("audit.inc");
include("global_settings.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);


port = get_kb_item("Services/tanned");
if(!port)port = 14002;
if(!get_port_state(port))exit(0);

soc = open_sock_tcp(port);
if(!soc)exit(0);

send(socket:soc, data:string("%d%d%d%d\r\n"));
r = recv_line(socket:soc, length:4096);
if("|F|" >< r)
{
  close(soc);
  soc = open_sock_tcp(port);
  if(!soc)exit(0);

  send(socket:soc, data:string("%n%n%n%n\r\n"));
  r = recv_line(socket:soc, length:4096);
  if(!r)security_hole(port);
}

Related

cve 1
nvd 1
cvelist 1
cve
cve
CVE-2003-1236
2005-11-16 07:37:00
nvd
nvd
CVE-2003-1236
2003-12-31 05:00:00
cvelist
cvelist
CVE-2003-1236
2005-11-16 07:37:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.077 Low

EPSS

Percentile

94.2%

JSON
Related for TANNED_FORMAT_STRING.NASL
cve1nvd1cvelist1