Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310800730
HistoryMar 05, 2010 - 12:00 a.m.

Bournal < 1.4.1 Privilege Escalation Vulnerability

2010-03-0500:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
13

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

Bournal is prone to a privilege escalation vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800730");
  script_version("2023-07-21T05:05:22+0000");
  script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
  script_tag(name:"creation_date", value:"2010-03-05 10:09:57 +0100 (Fri, 05 Mar 2010)");
  script_tag(name:"cvss_base", value:"3.3");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:N/I:P/A:P");
  script_cve_id("CVE-2010-0118");
  script_name("Bournal < 1.4.1 Privilege Escalation Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("Privilege escalation");
  script_dependencies("gb_bournal_detect.nasl");
  script_mandatory_keys("Bournal/Ver");

  script_xref(name:"URL", value:"http://secunia.com/advisories/38554");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/38353");
  script_xref(name:"URL", value:"http://secunia.com/secunia_research/2010-6/");

  script_tag(name:"summary", value:"Bournal is prone to a privilege escalation vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw exists while using temporary files in an insecure
  manner, which may allow attackers to overwrite arbitrary files via symlink attacks when running
  the update check via the '--hack_the_gibson' parameter.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers to perform certain
  actions with escalated privileges.");

  script_tag(name:"affected", value:"Bournal prior to version 1.4.1.");

  script_tag(name:"solution", value:"Update to version 1.4.1 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");

  exit(0);
}

include("version_func.inc");

if(!vers = get_kb_item("Bournal/Ver"))
  exit(0);

if(version_is_less(version:vers, test_version:"1.4.1")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"1.4.1");
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

prion 1
openvas 5
securityvulns 1
cve 1
cvelist 1
fedora 3
nessus 3
prion
prion
Information disclosure
2010-02-25 00:30:00
openvas
openvas
Bournal Privilege Escalation Vulnerability
2010-03-05 00:00:00
Fedora Update for bournal FEDORA-2010-3301
2010-03-12 00:00:00
Fedora Update for bournal FEDORA-2010-3221
2010-03-12 00:00:00
securityvulns
securityvulns
Secunia Research: Bournal Insecure Temporary Files Security Issue
2010-02-25 00:00:00
cve
cve
CVE-2010-0118
2010-02-25 00:30:00
cvelist
cvelist
CVE-2010-0118
2010-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: bournal-1.4.1-1.fc12
2010-03-09 03:24:19
[SECURITY] Fedora 13 Update: bournal-1.4.1-1.fc13
2010-03-09 03:32:59
[SECURITY] Fedora 11 Update: bournal-1.4.1-1.fc11
2010-03-09 03:23:37
nessus
nessus
Fedora 12 : bournal-1.4.1-1.fc12 (2010-3221)
2010-07-01 00:00:00
Fedora 13 : bournal-1.4.1-1.fc13 (2010-3168)
2010-07-01 00:00:00
Fedora 11 : bournal-1.4.1-1.fc11 (2010-3301)
2010-07-01 00:00:00

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for OPENVAS:1361412562310800730
prion1openvas5securityvulns1cve1cvelist1fedora3nessus3