ID OPENVAS:136141256231016142 Type openvas Reporter This script is Copyright (C) 2005 George A. Theall Modified 2018-08-07T00:00:00
Description
The target is running at least one instance of IlohaMail that allows
anyone to retrieve its configuration files over the web. These files may contain sensitive information.
For example, conf/conf.inc may hold a username / password used for SMTP authentication.
##############################################################################
# OpenVAS Vulnerability Test
# $Id: ilohamail_conf_files_readable.nasl 10802 2018-08-07 08:55:29Z cfischer $
#
# IlohaMail Readable Configuration Files
#
# Authors:
# George A. Theall, <theall@tifaware.com>.
#
# Copyright:
# Copyright (C) 2005 George A. Theall
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
##############################################################################
CPE = "cpe:/a:ilohamail:ilohamail";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.16142");
script_version("$Revision: 10802 $");
script_tag(name:"last_modification", value:"$Date: 2018-08-07 10:55:29 +0200 (Tue, 07 Aug 2018) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_bugtraq_id(12252);
script_name("IlohaMail Readable Configuration Files");
script_category(ACT_GATHER_INFO);
script_copyright("This script is Copyright (C) 2005 George A. Theall");
script_family("Remote file access");
script_dependencies("ilohamail_detect.nasl");
script_mandatory_keys("ilohamail/detected");
script_tag(name:"solution", value:"Upgrade to IlohaMail version 0.8.14-rc2 or later or
reinstall following the 'Proper Installation' instructions in the INSTALL document.");
script_tag(name:"summary", value:"The target is running at least one instance of IlohaMail that allows
anyone to retrieve its configuration files over the web. These files may contain sensitive information.
For example, conf/conf.inc may hold a username / password used for SMTP authentication.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_vul");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");
if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );
if( dir == "/" ) dir = "";
# If this was a quick & dirty install, try to grab a config file.
if( dir =~ "/source$" ) {
dir = ereg_replace( string:dir, pattern:"/source$", replace:"/conf" );
# nb: conf.inc appears first in 0.7.3; mysqlrc.inc was used as far back as 0.7.0.
foreach config( make_list("conf.inc", "mysqlrc.inc" ) ) {
url = dir + "/" + config;
req = http_get( item:url, port:port );
res = http_keepalive_send_recv( port:port, data:req );
if( isnull( res ) ) continue;
# Does it look like PHP code with variable definitions?
if( egrep( string:res, pattern:"<\?php") && egrep( string:res, pattern:"\$[A-Za-z_]+ *= *.+;" ) ) {
report = report_vuln_url( port:port, url:url );
security_message( port:port );
exit( 0 );
}
}
}
exit( 99 );
{"id": "OPENVAS:136141256231016142", "bulletinFamily": "scanner", "title": "IlohaMail Readable Configuration Files", "description": "The target is running at least one instance of IlohaMail that allows\n anyone to retrieve its configuration files over the web. These files may contain sensitive information.\n For example, conf/conf.inc may hold a username / password used for SMTP authentication.", "published": "2005-11-03T00:00:00", "modified": "2018-08-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231016142", "reporter": "This script is Copyright (C) 2005 George A. Theall", "references": [], "cvelist": [], "type": "openvas", "lastseen": "2018-08-08T20:37:50", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The target is running at least one instance of IlohaMail that allows\nanyone to retrieve its configuration files over the web. These files\nmay contain sensitive information. For example, conf/conf.inc may\nhold a username / password used for SMTP authentication.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "4296afa67a766570323159bd4c6f2341cf8f1dfb9899e0f29dc5d16c520d77f0", "hashmap": [{"hash": "b5d1b7a52bc153de0829465be24311ce", "key": "reporter"}, {"hash": "d54e7f7b3e02b9e63b8cef3a4a021725", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f3e2dd645dfb3f06feea5ca47005237e", "key": "href"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "df034d9b90ece22f6e868d36506db720", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "896024d6a85517f1099fb56d90078085", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9c0cfaa8a5a24f95774c7bd2de24cc9a", "key": "title"}, {"hash": "ccbd1f00f9e6a2a09079152826b53507", "key": "pluginID"}, {"hash": "01d917a9b1098d56b69199e62aec2503", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=136141256231016142", "id": "OPENVAS:136141256231016142", "lastseen": "2018-04-06T11:15:52", "modified": "2018-04-06T00:00:00", "naslFamily": "Remote file access", "objectVersion": "1.3", "pluginID": "136141256231016142", "published": "2005-11-03T00:00:00", "references": [], "reporter": "This script is Copyright (C) 2005 George A. Theall", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ilohamail_conf_files_readable.nasl 9348 2018-04-06 07:01:19Z cfischer $\n# Description: IlohaMail Readable Configuration Files\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2005 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The target is running at least one instance of IlohaMail that allows\nanyone to retrieve its configuration files over the web. These files\nmay contain sensitive information. For example, conf/conf.inc may\nhold a username / password used for SMTP authentication.\";\n\ntag_solution = \"Upgrade to IlohaMail version 0.8.14-rc2 or later or\nreinstall following the 'Proper Installation' instructions in the\nINSTALL document.\";\n\nif (description) {\n script_oid(\"1.3.6.1.4.1.25623.1.0.16142\");\n script_version(\"$Revision: 9348 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:01:19 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(12252);\n\n name = \"IlohaMail Readable Configuration Files\";\n script_name(name);\n \n \n summary = \"Checks for Readable Configuration Files in IlohaMail\";\n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"This script is Copyright (C) 2005 George A. Theall\");\n\n family = \"Remote file access\";\n script_family(family);\n\n script_dependencies(\"global_settings.nasl\", \"ilohamail_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif (!get_port_state(port)) exit(0);\ndebug_print(\"searching for readable configuration files in IlohaMail on port \", port, \".\");\n\n# Check each installed instance, stopping if we find a vulnerable version.\ninstalls = get_kb_list(string(\"www/\", port, \"/ilohamail\"));\nif (isnull(installs)) exit(0);\nforeach install (installs) {\n matches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\n if (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n debug_print(\"checking version \", ver, \" under \", dir, \".\");\n\n # If this was a quick & dirty install, try to grab a config file.\n if (dir =~ \"/source$\") {\n dir = ereg_replace(string:dir, pattern:\"/source$\", replace:\"/conf\");\n # nb: conf.inc appears first in 0.7.3; mysqlrc.inc was used\n # as far back as 0.7.0.\n foreach config (make_list(\"conf.inc\", \"mysqlrc.inc\")) {\n url = string(dir, \"/\", config);\n debug_print(\"retrieving \", url, \"...\");\n req = http_get(item:url, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if (res == NULL) exit(0); # can't connect\n debug_print(\"res =>>\", res, \"<<.\");\n\n # Does it look like PHP code with variable definitions?\n if (egrep(string:res, pattern:\"<\\?php\") && egrep(string:res, pattern:\"\\$[A-Za-z_]+ *= *.+;\")) {\n# if (egrep(string:res, pattern:\"<\\?php\")) {\n# display(\"It's php code!\\n\");\n# if (egrep(string:res, pattern:\"\\$[A-Za-z_]+ *= *.+;\")) {\n# display(\"It's got variable assignments!\\n\");\n security_message(port:port);\n exit(0);\n#}\n }\n }\n }\n }\n}\n", "title": "IlohaMail Readable Configuration Files", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 1, "lastseen": "2018-04-06T11:15:52"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "aa9aaedfe26fd853c3fe37cdd4d2c179"}, {"key": "href", "hash": "f3e2dd645dfb3f06feea5ca47005237e"}, {"key": "modified", "hash": "f310bf9180512c8bb6be0b0fd0fd4f6f"}, {"key": "naslFamily", "hash": "896024d6a85517f1099fb56d90078085"}, {"key": "pluginID", "hash": "ccbd1f00f9e6a2a09079152826b53507"}, {"key": "published", "hash": "df034d9b90ece22f6e868d36506db720"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b5d1b7a52bc153de0829465be24311ce"}, {"key": "sourceData", "hash": "b4f24d649ed697e49d7c6e9648e41a02"}, {"key": "title", "hash": "9c0cfaa8a5a24f95774c7bd2de24cc9a"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "76c5c5427e19469d6b940636f4fcad68b5de6bbca4cc9727e06db6ae9efaaa64", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ilohamail_conf_files_readable.nasl 10802 2018-08-07 08:55:29Z cfischer $\n#\n# IlohaMail Readable Configuration Files\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2005 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nCPE = \"cpe:/a:ilohamail:ilohamail\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.16142\");\n script_version(\"$Revision: 10802 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-07 10:55:29 +0200 (Tue, 07 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(12252);\n script_name(\"IlohaMail Readable Configuration Files\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2005 George A. Theall\");\n script_family(\"Remote file access\");\n script_dependencies(\"ilohamail_detect.nasl\");\n script_mandatory_keys(\"ilohamail/detected\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IlohaMail version 0.8.14-rc2 or later or\n reinstall following the 'Proper Installation' instructions in the INSTALL document.\");\n\n script_tag(name:\"summary\", value:\"The target is running at least one instance of IlohaMail that allows\n anyone to retrieve its configuration files over the web. These files may contain sensitive information.\n For example, conf/conf.inc may hold a username / password used for SMTP authentication.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );\nif( dir == \"/\" ) dir = \"\";\n\n# If this was a quick & dirty install, try to grab a config file.\nif( dir =~ \"/source$\" ) {\n\n dir = ereg_replace( string:dir, pattern:\"/source$\", replace:\"/conf\" );\n # nb: conf.inc appears first in 0.7.3; mysqlrc.inc was used as far back as 0.7.0.\n foreach config( make_list(\"conf.inc\", \"mysqlrc.inc\" ) ) {\n url = dir + \"/\" + config;\n req = http_get( item:url, port:port );\n res = http_keepalive_send_recv( port:port, data:req );\n if( isnull( res ) ) continue;\n\n # Does it look like PHP code with variable definitions?\n if( egrep( string:res, pattern:\"<\\?php\") && egrep( string:res, pattern:\"\\$[A-Za-z_]+ *= *.+;\" ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port );\n exit( 0 );\n }\n }\n}\n\nexit( 99 );", "naslFamily": "Remote file access", "pluginID": "136141256231016142"}
