ID OPENVAS:57971 Type openvas Reporter Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200701-11.
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "Kronolith contains a flaw that could allow the execution of arbitrary
files.";
tag_solution = "All horde-kronolith users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/horde-kronolith-2.1.4'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200701-11
http://bugs.gentoo.org/show_bug.cgi?id=156627";
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200701-11.";
if(description)
{
script_id(57971);
script_version("$Revision: 6596 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
script_cve_id("CVE-2006-6175");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Gentoo Security Advisory GLSA 200701-11 (horde-kronolith)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com");
script_family("Gentoo Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if ((res = ispkgvuln(pkg:"www-apps/horde-kronolith", unaffected: make_list("ge 2.1.4"), vulnerable: make_list("lt 2.1.4"))) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:57971", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200701-11 (horde-kronolith)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200701-11.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57971", "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2006-6175"], "lastseen": "2017-07-24T12:50:04", "viewCount": 0, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-07-24T12:50:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6175"]}, {"type": "gentoo", "idList": ["GLSA-200701-11"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200701-11.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:31583"]}], "modified": "2017-07-24T12:50:04", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "57971", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kronolith contains a flaw that could allow the execution of arbitrary\nfiles.\";\ntag_solution = \"All horde-kronolith users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-kronolith-2.1.4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200701-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=156627\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200701-11.\";\n\n \n\nif(description)\n{\n script_id(57971);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6175\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200701-11 (horde-kronolith)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/horde-kronolith\", unaffected: make_list(\"ge 2.1.4\"), vulnerable: make_list(\"lt 2.1.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:27:25", "description": "Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter.", "edition": 4, "cvss3": {}, "published": "2006-11-30T16:28:00", "title": "CVE-2006-6175", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6175"], "modified": "2016-10-18T03:42:00", "cpe": ["cpe:/a:horde:kronolith:2.0.3", "cpe:/a:horde:kronolith:2.0.1", "cpe:/a:horde:kronolith:2.0.4", "cpe:/a:horde:kronolith:2.1", "cpe:/a:horde:kronolith:2.1.3", "cpe:/a:horde:kronolith:2.1.1", "cpe:/a:horde:kronolith:2.0.6", "cpe:/a:horde:kronolith:2.1.2", "cpe:/a:horde:kronolith:2.0.5", "cpe:/a:horde:kronolith:2.0.2"], "id": "CVE-2006-6175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6175", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:horde:kronolith:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:kronolith:2.0.2:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:25", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6175"], "edition": 1, "description": "### Background\n\nKronolith is a web-based calendar which relies on the Horde Framework for integration with other applications. \n\n### Description\n\nKronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. \n\n### Impact\n\nAn authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user). \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll horde-kronolith users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-kronolith-2.1.4\"", "modified": "2007-01-16T00:00:00", "published": "2007-01-16T00:00:00", "id": "GLSA-200701-11", "href": "https://security.gentoo.org/glsa/200701-11", "type": "gentoo", "title": "Kronolith: Local file inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2006-6175"], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1017316\n[Secunia Advisory ID:23780](https://secuniaresearch.flexerasoftware.com/advisories/23780/)\n[Secunia Advisory ID:23145](https://secuniaresearch.flexerasoftware.com/advisories/23145/)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=445\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200701-11.xml\nMail List Post: http://marc.theaimsgroup.com/?l=horde-announce&m=116483107007152&w=2\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0516.html\nMail List Post: http://marc.theaimsgroup.com/?l=horde-announce&m=116483121211579&w=2\nFrSIRT Advisory: ADV-2006-4775\n[CVE-2006-6175](https://vulners.com/cve/CVE-2006-6175)\nBugtraq ID: 21341\n", "edition": 1, "modified": "2006-11-29T00:00:00", "published": "2006-11-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:31583", "id": "OSVDB:31583", "title": "Kronolith FBView.php view Traversal Source Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:10", "description": "The remote host is affected by the vulnerability described in GLSA-200701-11\n(Kronolith: Local file inclusion)\n\n Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered\n string is used instead of a sanitized string to view local files.\n \nImpact :\n\n An authenticated attacker could craft an HTTP GET request that uses\n directory traversal techniques to execute any file on the web server as\n PHP code, which could allow information disclosure or arbitrary code\n execution with the rights of the user running the PHP application\n (usually the webserver user).\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-01-17T00:00:00", "title": "GLSA-200701-11 : Kronolith: Local file inclusion", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6175"], "modified": "2007-01-17T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:horde-kronolith"], "id": "GENTOO_GLSA-200701-11.NASL", "href": "https://www.tenable.com/plugins/nessus/24209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200701-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24209);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6175\");\n script_xref(name:\"GLSA\", value:\"200701-11\");\n\n script_name(english:\"GLSA-200701-11 : Kronolith: Local file inclusion\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200701-11\n(Kronolith: Local file inclusion)\n\n Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered\n string is used instead of a sanitized string to view local files.\n \nImpact :\n\n An authenticated attacker could craft an HTTP GET request that uses\n directory traversal techniques to execute any file on the web server as\n PHP code, which could allow information disclosure or arbitrary code\n execution with the rights of the user running the PHP application\n (usually the webserver user).\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200701-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All horde-kronolith users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-kronolith-2.1.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde-kronolith\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/horde-kronolith\", unaffected:make_list(\"ge 2.1.4\"), vulnerable:make_list(\"lt 2.1.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Kronolith\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
