Lucene search
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1249-1.NASLHistoryOct 28, 2011 - 12:00 a.m.
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : backuppc vulnerabilites (USN-1249-1)
2011-10-2800:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.1%
It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue did not affect Ubuntu 11.10. (CVE-2011-3361)
Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1249-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(56664);
script_version("1.8");
script_cvs_date("Date: 2019/09/19 12:54:27");
script_cve_id("CVE-2011-3361");
script_xref(name:"USN", value:"1249-1");
script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : backuppc vulnerabilites (USN-1249-1)");
script_summary(english:"Checks dpkg output for updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Ubuntu host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that BackupPC did not properly sanitize its input
when processing backup browser error messages, resulting in a
cross-site scripting (XSS) vulnerability. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data, within the same
domain. This issue did not affect Ubuntu 11.10. (CVE-2011-3361)
Jamie Strandboge discovered that BackupPC did not properly sanitize
its input when processing log file viewer error messages, resulting in
cross-site scripting (XSS) vulnerabilities.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/1249-1/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected backuppc package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:backuppc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/17");
script_set_attribute(attribute:"patch_publication_date", value:"2011/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/28");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"8.04", pkgname:"backuppc", pkgver:"3.0.0-4ubuntu1.3")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"backuppc", pkgver:"3.1.0-9ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"backuppc", pkgver:"3.1.0-9ubuntu2.2")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"backuppc", pkgver:"3.2.0-3ubuntu4.2")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"backuppc", pkgver:"3.2.1-1ubuntu1.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "backuppc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | backuppc | p-cpe:/a:canonical:ubuntu_linux:backuppc |
| canonical | ubuntu_linux | 10.04 | cpe:/o:canonical:ubuntu_linux:10.04:-:lts |
| canonical | ubuntu_linux | 10.10 | cpe:/o:canonical:ubuntu_linux:10.10 |
| canonical | ubuntu_linux | 11.04 | cpe:/o:canonical:ubuntu_linux:11.04 |
| canonical | ubuntu_linux | 11.10 | cpe:/o:canonical:ubuntu_linux:11.10 |
| canonical | ubuntu_linux | 8.04 | cpe:/o:canonical:ubuntu_linux:8.04:-:lts |
Related
openvas
openvas
Fedora Update for BackupPC FEDORA-2012-0826
2012-02-03 00:00:00
Fedora Update for BackupPC FEDORA-2012-0826
2012-02-03 00:00:00
Fedora Update for BackupPC FEDORA-2012-0825
2012-04-02 00:00:00
debiancve
debiancve
CVE-2011-3361
2012-02-18 00:55:02
CVE-2011-4923
2012-02-18 00:55:02
prion
prion
Cross site scripting
2012-02-18 00:55:00
Cross site scripting
2012-02-18 00:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: BackupPC-3.2.1-7.fc16
2012-02-01 19:29:35
[SECURITY] Fedora 15 Update: BackupPC-3.2.1-7.fc15
2012-02-01 19:22:06
ubuntucve
ubuntucve
CVE-2011-3361
2011-10-03 00:00:00
CVE-2011-4923
2012-02-18 00:00:00
cve
cve
CVE-2011-3361
2012-02-18 00:55:02
CVE-2011-4923
2012-02-18 00:55:02
nessus
nessus
Fedora 16 : BackupPC-3.2.1-7.fc16 (2012-0825)
2012-02-02 00:00:00
Fedora 15 : BackupPC-3.2.1-7.fc15 (2012-0826)
2012-02-02 00:00:00
ubuntu
ubuntu
BackupPC vulnerabilities
2011-10-27 00:00:00
cvelist
cvelist
CVE-2011-3361
2012-02-18 00:00:00
CVE-2011-4923
2012-02-18 00:00:00
nvd
nvd
CVE-2011-3361
2012-02-18 00:55:02
CVE-2011-4923
2012-02-18 00:55:02
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.1%
Related for UBUNTU_USN-1249-1.NASL