openvas | Copyright (C) 2012 Greenbone AG | OPENVAS:1361412562310902799
History: Mar 01, 2012 - 12:00 a.m.

Database Open Access Information Disclosure Vulnerability

2012-03-01 00:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org

7.3 High

AI Score

Confidence

Low

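Various database servers might be prone to an information
disclosure vulnerability if they are accessible to remote systems.
The script below only reports that a database service was detected
as reachable from the scanner (it rates itself CVSS 0.0 and uses
log_message); it does not test whether data can be read without
authentication.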

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata section: evaluated when the scanner collects VT descriptions.
# The exit(0) at the end keeps the detection logic below from running in that mode.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902799");
  script_version("2024-06-20T05:05:33+0000");
  script_tag(name:"last_modification", value:"2024-06-20 05:05:33 +0000 (Thu, 20 Jun 2024)");
  script_tag(name:"creation_date", value:"2012-03-01 17:10:53 +0530 (Thu, 01 Mar 2012)");
  # nb: Every impact metric in the vector is "None" and the base score is 0.0, so this VT
  # produces log-level results (see the log_message() calls below), not a scored vulnerability.
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_tag(name:"cvss_base", value:"0.0");
  script_name("Database Open Access Information Disclosure Vulnerability");
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Databases");
  # nb: The detection VTs listed here have to run first; the code below only reads KB
  # entries and does not talk to any database itself.
  script_dependencies("oracle_tnslsnr_version.nasl", "gb_ibm_db2_das_detect.nasl", "postgresql_detect.nasl",
                      "gb_microsoft_sql_server_tcp_ip_listener_detect.nasl", "gb_ibm_soliddb_detect.nasl", "mysql_version.nasl",
                      "secpod_open_tcp_ports.nasl", "gb_open_udp_ports.nasl");
  # nb: The VT is skipped unless this KB key exists. Presumably it is set by the
  # detection VTs above once a database service was found -- verify against them.
  script_mandatory_keys("OpenDatabase/found");

  script_xref(name:"URL", value:"https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_dss_v1-2.pdf");

  script_tag(name:"summary", value:"Various Database server might be prone to an information
  disclosure vulnerability if accessible to remote systems.");

  script_tag(name:"vuldetect", value:"Checks the result of various database server detections and
  evaluates their results.");

  script_tag(name:"insight", value:"The remote database server is not restricting direct access from
  remote systems.");

  script_tag(name:"impact", value:"Successful exploitation could allow an attacker to obtain
  sensitive information from the database.");

  script_tag(name:"affected", value:"- Oracle MySQL

  - MariaDB

  - IBM DB2

  - PostgreSQL

  - IBM solidDB

  - Oracle Database

  - Microsoft SQL Server");

  script_tag(name:"solution", value:"Restrict database access to remote systems. Please see the
  manual of the affected database server for more information.");

  # nb: "Workaround" because the remediation is a network / configuration restriction,
  # not a vendor patch.
  script_tag(name:"solution_type", value:"Workaround");
  # nb: The result relies on what the remote detections observed, not on an authenticated check.
  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("port_service_func.inc");
include("list_array_func.inc");

# Tells whether an Oracle TNS listener version was stored in the KB for a port.
#
# @param port The TCP port to look up.
#
# @return TRUE if the KB entry "oracle_tnslsnr/<port>/version" holds a value that
#         evaluates as true, FALSE otherwise.
#
# nb: A hit only shows that a version was recorded for this port (presumably by
# oracle_tnslsnr_version.nasl); it says nothing about authentication on the listener.
function is_oracle_db( port ) {

  local_var port;

  if( get_kb_item( "oracle_tnslsnr/" + port + "/version" ) )
    return TRUE;

  return FALSE;
}

# Tells whether an IBM DB2 DAS version was stored in the KB for a port.
#
# @param port The port to look up (the caller in this file passes UDP ports).
#
# @return TRUE if the KB entry "ibm/db2/das/<port>/version" holds a value that
#         evaluates as true, FALSE otherwise.
function is_ibm_db2( port ) {

  local_var port;

  if( get_kb_item( "ibm/db2/das/" + port + "/version" ) )
    return TRUE;

  return FALSE;
}

# Tells whether a remotely detected PostgreSQL version was stored in the KB for a port.
#
# @param port The TCP port to look up.
#
# @return TRUE if the KB entry "PostgreSQL/Remote/<port>/Ver" holds a value that
#         evaluates as true, FALSE otherwise.
function is_postgre_sql( port ) {

  local_var port;

  if( get_kb_item( "PostgreSQL/Remote/" + port + "/Ver" ) )
    return TRUE;

  return FALSE;
}

# Tells whether an IBM solidDB version was stored in the KB for a port.
#
# @param port The TCP port to look up.
#
# @return TRUE if the KB entry "soliddb/<port>/version" holds a value that
#         evaluates as true, FALSE otherwise.
function is_solid_db( port ) {

  local_var port;

  if( get_kb_item( "soliddb/" + port + "/version" ) )
    return TRUE;

  return FALSE;
}

# Tells whether a Microsoft SQL Server release name was stored in the KB for a port.
#
# @param port The TCP port to look up. It is part of the KB key, so callers need to
#             pass it for the lookup to refer to a specific listener.
#
# @return TRUE if the KB entry "microsoft/sqlserver/<port>/releasename" holds a value
#         that evaluates as true, FALSE otherwise.
function is_mssql( port ) {

  local_var port;

  if( get_kb_item( "microsoft/sqlserver/" + port + "/releasename" ) )
    return TRUE;

  return FALSE;
}

# Tells whether Oracle MySQL was flagged as openly accessible in the KB for a port.
#
# @param port The TCP port to look up.
#
# @return TRUE if the KB entry "oracle/mysql/<port>/open_accessible" holds a value
#         that evaluates as true, FALSE otherwise.
#
# nb: Unlike the version based lookups in this file this one reads a dedicated
# "open_accessible" key. Judging by its name the detection sets it only if the
# server accepted the connection from the scanner -- verify against mysql_version.nasl.
function is_mysql( port ) {

  local_var port;

  if( get_kb_item( "oracle/mysql/" + port + "/open_accessible" ) )
    return TRUE;

  return FALSE;
}

# Tells whether MariaDB was flagged as openly accessible in the KB for a port.
#
# @param port The TCP port to look up.
#
# @return TRUE if the KB entry "mariadb/<port>/open_accessible" holds a value that
#         evaluates as true, FALSE otherwise.
function is_mariadb( port ) {

  local_var port;

  if( get_kb_item( "mariadb/" + port + "/open_accessible" ) )
    return TRUE;

  return FALSE;
}

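# nb: This function is already checking for get_port_state()
# and is returning an empty list if no port was found
ports = tcp_get_all_ports();
# Adding the default ports if unscanned_closed = no
# (5432: PostgreSQL, 1433: Microsoft SQL Server, 1315: IBM solidDB, 3306: MySQL / MariaDB, 1521: Oracle)
ports = make_list_unique( ports, 5432, 1433, 1315, 3306, 1521 );

# nb:
# - Each port is reported at most once: the first product with a matching KB entry
#   is logged and the loop moves on to the next port.
# - The is_*() helpers only read KB entries written by the detection VTs. A report
#   therefore means "this service was detected on that port from the scanner's
#   network position". Whether authentication is enforced is not tested here, so the
#   result should be checked against the firewall rules / bind address of the server.
foreach port( ports ) {

  oracle_db = is_oracle_db( port:port );
  if( oracle_db ) {
    log_message( data:"Oracle database can be accessed by remote attackers", port:port );
    continue;
  }

  mysql = is_mysql( port:port );
  if( mysql ) {
    log_message( data:"Oracle MySQL can be accessed by remote attackers", port:port );
    continue;
  }

  mariadb = is_mariadb( port:port );
  if( mariadb ) {
    log_message( data:"MariaDB can be accessed by remote attackers", port:port );
    continue;
  }

  postgre_sql = is_postgre_sql( port:port );
  if( postgre_sql ) {
    log_message( data:"PostgreSQL database can be accessed by remote attackers", port:port );
    continue;
  }

  solid_db = is_solid_db( port:port );
  if( solid_db ) {
    log_message( data:"SolidDB can be accessed by remote attackers", port:port );
    continue;
  }

  # nb: The port needs to be passed like for the other helpers. Without it is_mssql()
  # builds its KB key with an empty port part, so an exposed Microsoft SQL Server
  # listener would not be reported for this port.
  mssql = is_mssql( port:port );
  if( mssql ) {
    log_message( data:"Microsoft SQL Server can be accessed by remote attackers", port:port );
    continue;
  }
}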

# nb: udp_get_all_ports() is already checking for get_udp_port_state()
# and hands back an empty list if no port was found
udp_ports = udp_get_all_ports();
# The default port is appended for the case unscanned_closed_udp = no
udp_ports = make_list_unique( udp_ports, 523 );

# IBM DB2 is the only product looked up on the UDP ports.
foreach udp_port( udp_ports ) {
  if( is_ibm_db2( port:udp_port ) )
    log_message( data:"IBM DB2 can be accessed by remote attackers", port:udp_port, proto:"udp" );
}

exit( 0 );
