Lucene search
K

HP Ignite-UX TFTP File Access Information Disclosure

🗓️ 26 Aug 2005 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 192 Views

The remote host has a TFTP server serving potentially sensitive HP Ignite-UX files that may lead to information disclosure

Code
#
# This NASL script was written by Martin O'Neal of Corsaire (http://www.corsaire.com)
# 
# The script will test whether the remote host has one of a number of sensitive  
# files present on the tftp server
#
# DISCLAIMER
# The information contained within this script is supplied "as-is" with 
# no warranties or guarantees of fitness of use or otherwise. Corsaire 
# accepts no responsibility for any damage caused by the use or misuse of 
# this information.
# 

# Changes by Tenable:
# - Revised plugin title, output formatting, family change (8/22/09)

include("compat.inc");

if(description)
{
	script_id(19508);
	script_version ("$Revision: 1.9 $");
	script_cvs_date("$Date: 2012/09/24 21:48:39 $");

	script_name(english:"HP Ignite-UX TFTP File Access Information Disclosure");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote TFTP daemon is serving potentially sensitive content."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host has a TFTP server installed that is serving one or
more HP Ignite-UX files.  These files may contain sensitive
information.  A remote attacker could use this information to mount
further attacks."
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Disable the TFTP service if it is not being used.  Otherwise,
restrict access to trusted sources only."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/26");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

	script_summary(english:"Determines if the remote host has sensitive files exposed via TFTP (HP Ignite-UX)");
	script_category(ACT_ATTACK);
	script_copyright(english:"This NASL script is Copyright (C) 2005-2012 Corsaire Limited.");
	script_family(english:"Misc.");
	script_dependencies("tftpd_backdoor.nasl");
	script_require_keys("Services/udp/tftp");
	script_exclude_keys('tftp/backdoor');	# Not wise but quicker
 	exit(0);
}



############## declarations ################

port = get_kb_item('Services/udp/tftp');
if ( ! port ) exit(0);
if ( get_kb_item("tftp/" + port + "/backdoor") ) exit(0);

############## script ################

include("tftp.inc");

# initialise variables

file_list=make_list('/var/opt/ignite/config.local','/var/opt/ignite/local/config','/var/opt/ignite/local/host.info','/var/opt/ignite/local/hw.info','/var/opt/ignite/local/install.log','/var/opt/ignite/local/manifest/manifest','/var/opt/ignite/recovery/makrec.append','/var/opt/ignite/server/ignite.defs','/var/opt/ignite/server/preferences');

# step through files
foreach file_name (file_list)
{
	# request file
	get = tftp_get(port:port,path:file_name);
	if(get)
	{
		tftp_ms_backdoor(data: get, port: port, file: file_name);
		security_warning(port:port,proto:"udp");
		exit(0);
	}
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

24 Sep 2012 21:48Current
5.6Medium risk
Vulners AI Score5.6
192