Lucene search

K

IgnitionServer IIRC Operator Privilege Escalation Vulnerability

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2004 David MaciejakType 
openvas
 openvas
🔗 plugins.openvas.org👁 19 Views

IgnitionServer IIRC Operator Privilege Escalation Vulnerability, allows remote attackers to gain elevated privileges on the system

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS
IgnitionServer Irc operator privilege escalation vulnerability
3 Nov 200500:00
openvas
Cvelist
CVE-2004-2553
21 Nov 200511:00
cvelist
Tenable Nessus
ignitionServer umode Command Global Operator Privilege Escalation
27 Aug 200400:00
nessus
NVD
CVE-2004-2553
31 Dec 200405:00
nvd
CVE
CVE-2004-2553
21 Nov 200511:00
cve
SourceLink
securityfocuswww.securityfocus.com/bid/9783
# SPDX-FileCopyrightText: 2004 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.14388");
  script_version("2023-08-03T05:05:16+0000");
  script_tag(name:"last_modification", value:"2023-08-03 05:05:16 +0000 (Thu, 03 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_cve_id("CVE-2004-2553");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/9783");
  script_xref(name:"OSVDB", value:"4121");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_name("IgnitionServer IIRC Operator Privilege Escalation Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2004 David Maciejak");
  script_family("Privilege escalation");
  script_dependencies("ircd.nasl");
  script_require_ports("Services/irc", 6667);
  script_mandatory_keys("ircd/banner");

  script_tag(name:"solution", value:"Update to version 0.2.1-BRC1 or later.");

  script_tag(name:"summary", value:"IgnitionServer IRC service may be vulnerable to a flaw that let
  an remote attacker to gain elevated privileges on the system.");

  script_tag(name:"impact", value:"A remote attacker, who is an operator, can supply an unofficial
  command to the server to obtain elevated privileges and become a global IRC operator.");

  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("misc_func.inc");
include("port_service_func.inc");

port = service_get_port(default:6667, proto:"irc");

banner = get_kb_item("irc/banner/" + port);
if(!banner || "ignitionServer" >!< banner)
  exit(0);

if(egrep(pattern:".*ignitionServer 0\.([01]\.|2\.0).*", string:banner)) {
  security_message(port:port);
  exit(0);
}

exit(99);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Nov 2005 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS26
EPSS0.01169
19
.json
Report