ID OPENVAS:136141256231014388 Type openvas Reporter This script is Copyright (C) 2004 David Maciejak Modified 2018-04-06T00:00:00
Description
The remote host is running a version of the IgnitionServer IRC
service which may be vulnerable to a flaw that let remote attacker
to gain elevated privileges on the system.
A remote attacker, who is an operator, can supply an unofficial command
to the server to obtain elevated privileges and become a global IRC operator.
# OpenVAS Vulnerability Test
# $Id: ircd_ignition_ircop_vuln.nasl 9348 2018-04-06 07:01:19Z cfischer $
# Description: IgnitionServer Irc operator privilege escalation vulnerability
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from (C) Tenable Network Security
#
# Copyright:
# Copyright (C) 2004 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "The remote host is running a version of the IgnitionServer IRC
service which may be vulnerable to a flaw that let remote attacker
to gain elevated privileges on the system.
A remote attacker, who is an operator, can supply an unofficial command
to the server to obtain elevated privileges and become a global IRC operator.";
tag_solution = "Upgrade to IgnitionServer 0.2.1-BRC1 or newer";
# Ref: vendor
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.14388");
script_version("$Revision: 9348 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:01:19 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_cve_id("CVE-2004-2553");
script_bugtraq_id(9783);
script_xref(name:"OSVDB", value:"4121");
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
name = "IgnitionServer Irc operator privilege escalation vulnerability";
script_name(name);
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("This script is Copyright (C) 2004 David Maciejak");
script_family("General");
script_dependencies("find_service.nasl", "find_service2.nasl", "ircd.nasl");
script_require_ports("Services/irc", 6667);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
#the code
port = get_kb_item("Services/irc");
if (!port) port = 6667;
if(! get_port_state(port)) exit(0);
key = string("irc/banner/", port);
banner = get_kb_item(key);
if(!banner)exit(0);
if(egrep(pattern:".*ignitionServer 0\.([01]\.|2\.0).*", string:banner))
{
security_message(port);
exit(0);
}
{"pluginID": "136141256231014388", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ircd_ignition_ircop_vuln.nasl 9348 2018-04-06 07:01:19Z cfischer $\n# Description: IgnitionServer Irc operator privilege escalation vulnerability\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is running a version of the IgnitionServer IRC \nservice which may be vulnerable to a flaw that let remote attacker\nto gain elevated privileges on the system.\n\nA remote attacker, who is an operator, can supply an unofficial command \nto the server to obtain elevated privileges and become a global IRC operator.\";\n\ntag_solution = \"Upgrade to IgnitionServer 0.2.1-BRC1 or newer\";\n\n# Ref: vendor\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.14388\");\n script_version(\"$Revision: 9348 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:01:19 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-2553\");\n script_bugtraq_id(9783);\n script_xref(name:\"OSVDB\", value:\"4121\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n \n name = \"IgnitionServer Irc operator privilege escalation vulnerability\";\n script_name(name);\n \n\n\n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n \n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n \n script_family(\"General\");\n\n script_dependencies(\"find_service.nasl\", \"find_service2.nasl\", \"ircd.nasl\");\n script_require_ports(\"Services/irc\", 6667);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#the code\n\nport = get_kb_item(\"Services/irc\");\nif (!port) port = 6667;\nif(! get_port_state(port)) exit(0);\n\nkey = string(\"irc/banner/\", port);\nbanner = get_kb_item(key);\nif(!banner)exit(0);\n\nif(egrep(pattern:\".*ignitionServer 0\\.([01]\\.|2\\.0).*\", string:banner)) \n{\n security_message(port);\n exit(0);\n}\n\n", "history": [], "description": "The remote host is running a version of the IgnitionServer IRC \nservice which may be vulnerable to a flaw that let remote attacker\nto gain elevated privileges on the system.\n\nA remote attacker, who is an operator, can supply an unofficial command \nto the server to obtain elevated privileges and become a global IRC operator.", "reporter": "This script is Copyright (C) 2004 David Maciejak", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231014388", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "f6d31b657b5b489868e29982a8d1be28"}, {"key": "cvss", "hash": "61a37396f8fc8545e5dc3fd73288ce16"}, {"key": "description", "hash": "4a668343fc518544e6bb9d5dd5266058"}, {"key": "href", "hash": "d4609840dfad128a311a17277ca87691"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "1260fb8c70b16aef9a708bff5a26da46"}, {"key": "published", "hash": "df034d9b90ece22f6e868d36506db720"}, {"key": "references", "hash": "68a4050ae264458517e36861f6dd073f"}, {"key": "reporter", "hash": "82770c20722a53a0bfaab6142997586f"}, {"key": "sourceData", "hash": "6caecd79c46d72f678af74391373b467"}, {"key": "title", "hash": "87a6f97fba00a168ef79a60dacfda980"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 0, "references": ["4121"], "lastseen": "2018-04-06T11:15:50", "published": "2005-11-03T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "cvelist": ["CVE-2004-2553"], "id": "OPENVAS:136141256231014388", "hash": "c66ec5b667400655b6feab7f416219f59f5f8e7481f80deb3524a0446c70edca", "modified": "2018-04-06T00:00:00", "title": "IgnitionServer Irc operator privilege escalation vulnerability", "edition": 1, "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "bulletinFamily": "scanner", "enchantments": {"vulnersScore": 7.5}}
{"result": {"cve": [{"id": "CVE-2004-2553", "type": "cve", "title": "CVE-2004-2553", "description": "The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.", "published": "2004-12-31T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2553", "cvelist": ["CVE-2004-2553"], "lastseen": "2017-07-11T11:14:43"}], "nessus": [{"id": "IRCD_IGNITION_IRCOP_VULN.NASL", "type": "nessus", "title": "ignitionServer umode Command Global Operator Privilege Escalation", "description": "The remote host is running a version of the IgnitionServer IRC service which might be vulnerable to a flaw that lets a remote attacker gain elevated privileges on the system. A local IRC operator can supply an unofficial command to the server to obtain elevated privileges and become a global IRC operator.", "published": "2004-08-27T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14388", "cvelist": ["CVE-2004-2553"], "lastseen": "2016-09-26T17:26:38"}], "osvdb": [{"id": "OSVDB:4121", "type": "osvdb", "title": "ignitionServer Operator Privilege Escalation", "description": "## Vulnerability Description\nignitionServer contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local operator uses an undocumented command to escalate privileges to global operator. \n## Solution Description\nUpgrade to version 0.2.1-BRC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nignitionServer contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local operator uses an undocumented command to escalate privileges to global operator. \n## References:\nVendor URL: http://www.ignition-project.com/ignition/server/\n[Vendor Specific Advisory URL](http://sourceforge.net/tracker/index.php?func=detail&aid=891555&group_id=96071&atid=613526)\n[Vendor Specific Advisory URL](http://cvs.sourceforge.net/viewcvs.py/ignition/ignitionserver/docs/security/20040302-operator-privilege-escalation.txt?view=markup)\nSecurity Tracker: 1009301\n[Secunia Advisory ID:11017](https://secuniaresearch.flexerasoftware.com/advisories/11017/)\nKeyword: BUG 891555\nISS X-Force ID: 15363\n[CVE-2004-2553](https://vulners.com/cve/CVE-2004-2553)\nBugtraq ID: 9783\n", "published": "2004-02-05T07:46:07", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:4121", "cvelist": ["CVE-2004-2553"], "lastseen": "2017-04-28T13:19:58"}], "openvas": [{"id": "OPENVAS:14388", "type": "openvas", "title": "IgnitionServer Irc operator privilege escalation vulnerability", "description": "The remote host is running a version of the IgnitionServer IRC \nservice which may be vulnerable to a flaw that let remote attacker\nto gain elevated privileges on the system.\n\nA remote attacker, who is an operator, can supply an unofficial command \nto the server to obtain elevated privileges and become a global IRC operator.", "published": "2005-11-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=14388", "cvelist": ["CVE-2004-2553"], "lastseen": "2017-12-08T11:44:06"}]}}
