Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:136141256231069966HistoryAug 03, 2011 - 12:00 a.m.
Debian: Security Advisory (DSA-2259-1)
2011-08-0300:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
7
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.69966");
script_cve_id("CVE-2011-1409");
script_tag(name:"creation_date", value:"2011-08-03 02:36:20 +0000 (Wed, 03 Aug 2011)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_name("Debian: Security Advisory (DSA-2259-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB6");
script_xref(name:"Advisory-ID", value:"DSA-2259-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2011/DSA-2259-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2259");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'fex' package(s) announced via the DSA-2259-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that F*EX, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all can bypass the authentication procedure.
The oldstable distribution (lenny) does not include fex.
For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze1.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 20110610-1.
We recommend that you upgrade your fex packages.");
script_tag(name:"affected", value:"'fex' package(s) on Debian 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"fex", ver:"20100208+debian1-1+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"fex-utils", ver:"20100208+debian1-1+squeeze1", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
osv
osv
fex - authentication bypass
2011-06-12 00:00:00
nessus
nessus
Debian DSA-2259-1 : fex - authentication bypass
2011-06-13 00:00:00
ubuntucve
ubuntucve
CVE-2011-1409
2011-06-24 00:00:00
cve
cve
CVE-2011-1409
2011-06-24 20:55:00
prion
prion
Authentication flaw
2011-06-24 20:55:00
securityvulns
securityvulns
[SECURITY] [DSA 2259-1] fex security update
2011-06-15 00:00:00
debian
debian
[SECURITY] [DSA 2259-1] fex security update
2011-06-12 18:57:09
openvas
openvas
Debian Security Advisory DSA 2259-1 (fex)
2011-08-03 00:00:00
cvelist
cvelist
CVE-2011-1409
2011-06-24 20:00:00
debiancve
debiancve
CVE-2011-1409
2011-06-24 20:55:00
6.6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.4%
Related for OPENVAS:136141256231069966