ID OPENVAS:1361412562310103696 Type openvas Reporter This script is Copyright (C) 2013 Greenbone Networks GmbH Modified 2019-09-06T00:00:00
Description
The remote BusyBox Telnet Console is not protected by a password.
###############################################################################
# OpenVAS Vulnerability Test
#
# Unprotected BusyBox Telnet Console
#
# Authors:
# Michael Meyer <michael.meyer@greenbone.net>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103696");
script_version("2019-09-06T14:17:49+0000");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Unprotected BusyBox Telnet Console");
script_tag(name:"last_modification", value:"2019-09-06 14:17:49 +0000 (Fri, 06 Sep 2019)");
script_tag(name:"creation_date", value:"2013-04-11 12:36:40 +0100 (Thu, 11 Apr 2013)");
script_category(ACT_ATTACK);
script_family("Default Accounts");
script_copyright("This script is Copyright (C) 2013 Greenbone Networks GmbH");
script_dependencies("telnetserver_detect_type_nd_version.nasl", "gb_default_credentials_options.nasl");
script_require_ports("Services/telnet", 23);
script_mandatory_keys("telnet/busybox/console/detected");
script_exclude_keys("default_credentials/disable_default_account_checks");
script_tag(name:"solution", value:"Set a password.");
script_tag(name:"summary", value:"The remote BusyBox Telnet Console is not protected by a password.");
script_tag(name:"solution_type", value:"Mitigation");
script_tag(name:"qod_type", value:"remote_vul");
exit(0);
}
if(get_kb_item("default_credentials/disable_default_account_checks"))
exit(0);
include("telnet_func.inc");
include("misc_func.inc");
include("dump.inc");
port = telnet_get_port( default:23 );
banner = telnet_get_banner( port:port );
if( ! banner || ( "BusyBox" >!< banner && "list of built-in commands" >!< banner ) )
exit( 0 );
soc = open_sock_tcp( port );
if( ! soc )
exit( 0 );
buf = telnet_negotiate( socket:soc );
if( "BusyBox" >!< buf && "list of built-in commands" >!< buf )
exit( 0 );
send( socket:soc, data:'id\n' );
recv = recv( socket:soc, length:512 );
send( socket:soc, data:'exit\n' );
close( soc );
if( recv =~ "uid=[0-9]+.*gid=[0-9]+.*" ) {
security_message( port:port );
exit( 0 );
}
exit( 99 );
{"id": "OPENVAS:1361412562310103696", "bulletinFamily": "scanner", "title": "Unprotected BusyBox Telnet Console", "description": "The remote BusyBox Telnet Console is not protected by a password.", "published": "2013-04-11T00:00:00", "modified": "2019-09-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103696", "reporter": "This script is Copyright (C) 2013 Greenbone Networks GmbH", "references": [], "cvelist": [], "type": "openvas", "lastseen": "2019-09-09T15:27:06", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote BusyBox Telnet Console is not protected by a password.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-06-07T12:49:00", "references": []}, "score": {"modified": "2019-06-07T12:49:00", "value": 0.2, "vector": "NONE"}}, "hash": "274e37db89ba4c5ebf1f6b6ca108eebd2249214344dc5e0cd44f9896979e9098", "hashmap": [{"hash": "bb6b8903d2452a7e9b9eb211778043f8", "key": "published"}, {"hash": "dc97eda220e5e7205c10be5151793716", "key": "references"}, {"hash": "c3defb1399f5375bd09a36b0588b273b", "key": "modified"}, {"hash": "d119874443beca63dd693ed5afea8339", "key": "pluginID"}, {"hash": "34698862a5eafd718b3308e2fa9492c8", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "01796fc8fbab6c859f91ff7938643593", "key": "sourceData"}, {"hash": "c8c11c18def3783b9fd2759746494ece", "key": "reporter"}, {"hash": "27e503b98ceed8c2fe6944f0a9cd3edc", "key": "href"}, {"hash": "ca31a3c1143691e5811432b0af7d78af", "key": "naslFamily"}, {"hash": "20b22bf1cc1e424e891908f2843c1807", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103696", "id": "OPENVAS:1361412562310103696", "lastseen": "2019-06-07T12:49:00", "modified": "2019-06-06T00:00:00", "naslFamily": "Default Accounts", "objectVersion": "1.3", "pluginID": "1361412562310103696", "published": "2013-04-11T00:00:00", "references": ["http://www.busybox.net/"], "reporter": "This script is Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Unprotected BusyBox Telnet Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103696\");\n script_version(\"2019-06-06T07:39:31+0000\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Unprotected BusyBox Telnet Console\");\n script_tag(name:\"last_modification\", value:\"2019-06-06 07:39:31 +0000 (Thu, 06 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-04-11 12:36:40 +0100 (Thu, 11 Apr 2013)\");\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"telnetserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n script_mandatory_keys(\"telnet/busybox/console/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.busybox.net/\");\n\n script_tag(name:\"solution\", value:\"Set a password.\");\n\n script_tag(name:\"summary\", value:\"The remote BusyBox Telnet Console is not protected by a password.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"telnet_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"dump.inc\");\n\nport = telnet_get_port( default:23 );\nbanner = telnet_get_banner( port:port );\nif( ! banner || ( \"BusyBox\" >!< banner && \"list of built-in commands\" >!< banner ) )\n exit( 0 );\n\nsoc = open_sock_tcp( port );\nif( ! soc )\n exit( 0 );\n\nbuf = telnet_negotiate( socket:soc );\n\nif( \"BusyBox\" >!< buf && \"list of built-in commands\" >!< buf )\n exit( 0 );\n\nsend( socket:soc, data:'id\\n' );\nrecv = recv( socket:soc, length:512 );\n\nsend( socket:soc, data:'exit\\n' );\nclose( soc );\n\nif( recv =~ \"uid=[0-9]+.*gid=[0-9]+.*\" ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Unprotected BusyBox Telnet Console", "type": "openvas", "viewCount": 17}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2019-06-07T12:49:00"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote BusyBox Telnet Console is not protected by a password.", "edition": 2, "enchantments": {"dependencies": {"modified": "2018-08-24T21:34:37", "references": []}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "26693139044b7d7616ff148e2fd433c9f71bb2a51566cfd9374bb74503164343", "hashmap": [{"hash": "bb6b8903d2452a7e9b9eb211778043f8", "key": "published"}, {"hash": "dc97eda220e5e7205c10be5151793716", "key": "references"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "d119874443beca63dd693ed5afea8339", "key": "pluginID"}, {"hash": "34698862a5eafd718b3308e2fa9492c8", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c8c11c18def3783b9fd2759746494ece", "key": "reporter"}, {"hash": "27e503b98ceed8c2fe6944f0a9cd3edc", "key": "href"}, {"hash": "20b22bf1cc1e424e891908f2843c1807", "key": "description"}, {"hash": "206408a8e7cbf7fcaebfd6a3c69ca193", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103696", "id": "OPENVAS:1361412562310103696", "lastseen": "2018-08-24T21:34:37", "modified": "2018-08-22T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310103696", "published": "2013-04-11T00:00:00", "references": ["http://www.busybox.net/"], "reporter": "This script is Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_BusyBox_unprotected_telnet.nasl 11082 2018-08-22 15:05:47Z mmartin $\n#\n# Unprotected BusyBox Telnet Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103696\");\n script_version(\"$Revision: 11082 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Unprotected BusyBox Telnet Console\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-22 17:05:47 +0200 (Wed, 22 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-11 12:36:40 +0100 (Thu, 11 Apr 2013)\");\n script_category(ACT_ATTACK);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n\n script_xref(name:\"URL\", value:\"http://www.busybox.net/\");\n\n script_tag(name:\"solution\", value:\"Set a password.\");\n script_tag(name:\"summary\", value:\"The remote BusyBox Telnet Console is not protected by a password.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"telnet_func.inc\");\n\nport = get_telnet_port( default:23 );\n\nsoc = open_sock_tcp( port );\nif( ! soc ) exit( 0 );\n\nbuf = telnet_negotiate( socket:soc );\n\nif( \"BusyBox\" >!< buf && \"list of built-in commands\" >!< buf ) exit( 0 );\n\nsend( socket:soc, data:'id\\n' );\nrecv = recv( socket:soc, length:512 );\n\nsend( socket:soc, data:'exit\\n' );\nclose( soc );\n\nif( recv =~ \"uid=[0-9]+.*gid=[0-9]+.*\" ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "title": "Unprotected BusyBox Telnet Console", "type": "openvas", "viewCount": 2}, "differentElements": ["modified", "naslFamily", "sourceData"], "edition": 2, "lastseen": "2018-08-24T21:34:37"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote BusyBox Telnet Console is not protected by a password.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-02-13T16:56:02", "references": []}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "e736f496e1345d7f2bdc97e3c59d470e675bd8ccc512be79cf37d9dde1205393", "hashmap": [{"hash": "bb6b8903d2452a7e9b9eb211778043f8", "key": "published"}, {"hash": "dc97eda220e5e7205c10be5151793716", "key": "references"}, {"hash": "d119874443beca63dd693ed5afea8339", "key": "pluginID"}, {"hash": "34698862a5eafd718b3308e2fa9492c8", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c8c11c18def3783b9fd2759746494ece", "key": "reporter"}, {"hash": "27e503b98ceed8c2fe6944f0a9cd3edc", "key": "href"}, {"hash": "dc7bd333fcf4f62e78c15dc6692ca728", "key": "modified"}, {"hash": "ca31a3c1143691e5811432b0af7d78af", "key": "naslFamily"}, {"hash": "39a481b7a4e98bc6715c080259e0d5a9", "key": "sourceData"}, {"hash": "20b22bf1cc1e424e891908f2843c1807", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103696", "id": "OPENVAS:1361412562310103696", "lastseen": "2019-02-13T16:56:02", "modified": "2019-02-13T00:00:00", "naslFamily": "Default Accounts", "objectVersion": "1.3", "pluginID": "1361412562310103696", "published": "2013-04-11T00:00:00", "references": ["http://www.busybox.net/"], "reporter": "This script is Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_BusyBox_unprotected_telnet.nasl 13627 2019-02-13 10:38:43Z cfischer $\n#\n# Unprotected BusyBox Telnet Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103696\");\n script_version(\"$Revision: 13627 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Unprotected BusyBox Telnet Console\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-13 11:38:43 +0100 (Wed, 13 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-11 12:36:40 +0100 (Thu, 11 Apr 2013)\");\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"telnetserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n script_mandatory_keys(\"telnet/busybox/console/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.busybox.net/\");\n\n script_tag(name:\"solution\", value:\"Set a password.\");\n\n script_tag(name:\"summary\", value:\"The remote BusyBox Telnet Console is not protected by a password.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"telnet_func.inc\");\n\nport = get_telnet_port( default:23 );\nbanner = get_telnet_banner( port:port );\nif( ! banner || ( \"BusyBox\" >!< banner && \"list of built-in commands\" >!< banner ) )\n exit( 0 );\n\nsoc = open_sock_tcp( port );\nif( ! soc )\n exit( 0 );\n\nbuf = telnet_negotiate( socket:soc );\n\nif( \"BusyBox\" >!< buf && \"list of built-in commands\" >!< buf )\n exit( 0 );\n\nsend( socket:soc, data:'id\\n' );\nrecv = recv( socket:soc, length:512 );\n\nsend( socket:soc, data:'exit\\n' );\nclose( soc );\n\nif( recv =~ \"uid=[0-9]+.*gid=[0-9]+.*\" ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Unprotected BusyBox Telnet Console", "type": "openvas", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2019-02-13T16:56:02"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote BusyBox Telnet Console is not protected by a password.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "3aafb36733cb3b35a71ec5c80abd13822b92d968e6b3148896e5ccff3d5ee6cb", "hashmap": [{"hash": "bb6b8903d2452a7e9b9eb211778043f8", "key": "published"}, {"hash": "00d3786b734374affe7989ebb5c25baf", "key": "modified"}, {"hash": "dc97eda220e5e7205c10be5151793716", "key": "references"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "d119874443beca63dd693ed5afea8339", "key": "pluginID"}, {"hash": "34698862a5eafd718b3308e2fa9492c8", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "67169dc088b73e64792e8207cb0bf2e5", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c8c11c18def3783b9fd2759746494ece", "key": "reporter"}, {"hash": "27e503b98ceed8c2fe6944f0a9cd3edc", "key": "href"}, {"hash": "20b22bf1cc1e424e891908f2843c1807", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103696", "id": "OPENVAS:1361412562310103696", "lastseen": "2017-07-02T21:11:11", "modified": "2017-02-26T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310103696", "published": "2013-04-11T00:00:00", "references": ["http://www.busybox.net/"], "reporter": "This script is Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_BusyBox_unprotected_telnet.nasl 5427 2017-02-26 20:21:22Z cfi $\n#\n# Unprotected BusyBox Telnet Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103696\");\n script_version(\"$Revision: 5427 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Unprotected BusyBox Telnet Console\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-26 21:21:22 +0100 (Sun, 26 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-11 12:36:40 +0100 (Thu, 11 Apr 2013)\");\n script_category(ACT_ATTACK);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n\n script_xref(name:\"URL\", value:\"http://www.busybox.net/\");\n\n tag_summary = \"The remote BusyBox Telnet Console is not protected by a password.\";\n\n tag_solution = \"Set a password.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"telnet_func.inc\");\n\nport = get_telnet_port( default:23 );\n\nsoc = open_sock_tcp( port );\nif( ! soc ) exit( 0 );\n\nbuf = telnet_negotiate( socket:soc );\n\nif( \"BusyBox\" >!< buf && \"list of built-in commands\" >!< buf ) exit( 0 );\n\nsend( socket:soc, data:'id\\n' );\nrecv = recv( socket:soc, length:512 );\n\nsend( socket:soc, data:'exit\\n' );\nclose( soc );\n\nif( recv =~ \"uid=[0-9]+.*gid=[0-9]+.*\" ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "title": "Unprotected BusyBox Telnet Console", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:11:11"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "20b22bf1cc1e424e891908f2843c1807"}, {"key": "href", "hash": "27e503b98ceed8c2fe6944f0a9cd3edc"}, {"key": "modified", "hash": "eaa838c7b243c1eaa8e3fa15ecc068c8"}, {"key": "naslFamily", "hash": "ca31a3c1143691e5811432b0af7d78af"}, {"key": "pluginID", "hash": "d119874443beca63dd693ed5afea8339"}, {"key": "published", "hash": "bb6b8903d2452a7e9b9eb211778043f8"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "c8c11c18def3783b9fd2759746494ece"}, {"key": "sourceData", "hash": "23f296e5acbefe625d10b234dfa2cdfb"}, {"key": "title", "hash": "34698862a5eafd718b3308e2fa9492c8"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "9b5493dab5206cef58eb5310cabcc9fde05af3bc246babeca9341fd44630c3d2", "viewCount": 19, "enchantments": {"dependencies": {"references": [], "modified": "2019-09-09T15:27:06"}, "score": {"value": 0.3, "vector": "NONE", "modified": "2019-09-09T15:27:06"}, "vulnersScore": 0.3}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Unprotected BusyBox Telnet Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103696\");\n script_version(\"2019-09-06T14:17:49+0000\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Unprotected BusyBox Telnet Console\");\n script_tag(name:\"last_modification\", value:\"2019-09-06 14:17:49 +0000 (Fri, 06 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-04-11 12:36:40 +0100 (Thu, 11 Apr 2013)\");\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"telnetserver_detect_type_nd_version.nasl\", \"gb_default_credentials_options.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n script_mandatory_keys(\"telnet/busybox/console/detected\");\n script_exclude_keys(\"default_credentials/disable_default_account_checks\");\n\n script_tag(name:\"solution\", value:\"Set a password.\");\n\n script_tag(name:\"summary\", value:\"The remote BusyBox Telnet Console is not protected by a password.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\nif(get_kb_item(\"default_credentials/disable_default_account_checks\"))\n exit(0);\n\ninclude(\"telnet_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"dump.inc\");\n\nport = telnet_get_port( default:23 );\nbanner = telnet_get_banner( port:port );\nif( ! banner || ( \"BusyBox\" >!< banner && \"list of built-in commands\" >!< banner ) )\n exit( 0 );\n\nsoc = open_sock_tcp( port );\nif( ! soc )\n exit( 0 );\n\nbuf = telnet_negotiate( socket:soc );\n\nif( \"BusyBox\" >!< buf && \"list of built-in commands\" >!< buf )\n exit( 0 );\n\nsend( socket:soc, data:'id\\n' );\nrecv = recv( socket:soc, length:512 );\n\nsend( socket:soc, data:'exit\\n' );\nclose( soc );\n\nif( recv =~ \"uid=[0-9]+.*gid=[0-9]+.*\" ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "Default Accounts", "pluginID": "1361412562310103696", "scheme": null}
