ID OPENVAS:58319 Type openvas Reporter Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to webcalendar
announced via advisory DSA 1267-1.
It was discovered that WebCalendar, a PHP-based calendar application,
insufficiently protects an internal variable, which allows remote file
inclusion.
# OpenVAS Vulnerability Test
# $Id: deb_1267_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1267-1
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");

# Advisory text shown to the user. Both strings are excerpted from
# DSA 1267-1 and are registered as script tags in the description block.
tag_summary = "The remote host is missing an update to webcalendar
announced via advisory DSA 1267-1.
It was discovered that WebCalendar, a PHP-based calendar application,
insufficiently protects an internal variable, which allows remote file
inclusion.";

# Fixed package version per release, plus a link to the advisory mirror.
tag_solution = "For the stable distribution (sarge) this problem has been fixed in
version 0.9.45-4sarge6.
The upcoming stable distribution (etch) no longer contains webcalendar
packages.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your webcalendar package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201267-1";
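# Plugin registration: metadata, CVE/BID references, CVSS, and the keys this
# local (SSH package-list based) check depends on.
if(description)
{
  script_id(58319);
  script_version("$Revision: 6616 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)");
  script_cve_id("CVE-2007-1343");
  # Bugtraq ID for CVE-2007-1343, as used by the sibling FreeBSD check (58866).
  script_bugtraq_id(22834);
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Debian Security Advisory DSA 1267-1 (webcalendar)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com");
  script_family("Debian Local Security Checks");
  # Requires the dpkg package list gathered over SSH from a Debian host.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
  # Authoritative advisory; the solution text only links a third-party mirror.
  script_xref(name:"URL", value:"http://www.debian.org/security/2007/dsa-1267");
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"insight", value:"WebCalendar's includes/functions.php does not protect the
noSet array from external modification, so a crafted request can override protected
global variables, which can lead to remote file inclusion (CVE-2007-1343).");
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}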
#
# The script code starts here
#
include("pkg-lib-deb.inc");

# Debian 3.1 (sarge) only: the installed webcalendar is reported vulnerable
# when it is older than the fixed version 0.9.45-4sarge6 from DSA 1267-1.
report = "";
res = isdpkgvuln(pkg:"webcalendar", ver:"0.9.45-4sarge6", rls:"DEB3.1");
if(!isnull(res)) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  exit(99); # Package matched but not flagged as vulnerable.
}
{"id": "OPENVAS:58319", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1267-1 (webcalendar)", "description": "The remote host is missing an update to webcalendar\nannounced via advisory DSA 1267-1.\n\nIt was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58319", "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2007-1343"], "lastseen": "2017-07-24T12:49:46", "viewCount": 0, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-07-24T12:49:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1343"]}, {"type": "nessus", "idList": ["WEBCALENDAR_NOSET_OVERWRITE.NASL", "DEBIAN_DSA-1267.NASL", "FREEBSD_PKG_72999D57D6F611DB961B005056847B26.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1267-1:FBDAA"]}, {"type": "openvas", "idList": ["OPENVAS:58866"]}, {"type": "freebsd", "idList": ["72999D57-D6F6-11DB-961B-005056847B26"]}, {"type": "osvdb", "idList": ["OSVDB:33867"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7370"]}], "modified": "2017-07-24T12:49:46", "rev": 2}, "vulnersScore": 5.6}, "pluginID": "58319", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1267_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1267-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge6.\n\nThe upcoming stable distribution (etch) no longer contains webcalendar\npackages.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your webcalendar package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201267-1\";\ntag_summary = \"The remote host is missing an update to webcalendar\nannounced via advisory DSA 1267-1.\n\nIt was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.\";\n\n\nif(description)\n{\n script_id(58319);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1343\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security 
Advisory DSA 1267-1 (webcalendar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"webcalendar\", ver:\"0.9.45-4sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:45:50", "description": "includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.", "edition": 3, "cvss3": {}, "published": "2007-03-08T22:19:00", "title": "CVE-2007-1343", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1343"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/a:webcalendar:webcalendar:1.0.1", "cpe:/a:webcalendar:webcalendar:1.0.4", "cpe:/a:webcalendar:webcalendar:1.0.0", "cpe:/a:webcalendar:webcalendar:1.0.2", "cpe:/a:webcalendar:webcalendar:1.0.3"], "id": "CVE-2007-1343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1343", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:webcalendar:webcalendar:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:webcalendar:webcalendar:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:webcalendar:webcalendar:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:webcalendar:webcalendar:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:webcalendar:webcalendar:1.0.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1343"], "description": "## Solution Description\nUpgrade to version 1.0.5 or higher, as it has been reported to fix this 
vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130\nVendor Specific News/Changelog Entry: http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8\nVendor Specific News/Changelog Entry: http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=491130\n[Secunia Advisory ID:24403](https://secuniaresearch.flexerasoftware.com/advisories/24403/)\n[Secunia Advisory ID:24519](https://secuniaresearch.flexerasoftware.com/advisories/24519/)\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00022.html\nISS X-Force ID: 32832\nFrSIRT Advisory: ADV-2007-0851\n[CVE-2007-1343](https://vulners.com/cve/CVE-2007-1343)\nBugtraq ID: 22834\n", "edition": 1, "modified": "2007-03-04T07:48:54", "published": "2007-03-04T07:48:54", "href": "https://vulners.com/osvdb/OSVDB:33867", "id": "OSVDB:33867", "title": "WebCalendar includes/functions.php noSet Variable Overwrite", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1343"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58866", "href": "http://plugins.openvas.org/nasl.php?oid=58866", "type": "openvas", "title": "FreeBSD Ports: WebCalendar", "sourceData": "#\n#VID 72999d57-d6f6-11db-961b-005056847b26\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: WebCalendar\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://sourceforge.net/project/shownotes.php?release_id=491130\nhttp://xforce.iss.net/xforce/xfdb/32832\nhttp://www.vuxml.org/freebsd/72999d57-d6f6-11db-961b-005056847b26.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58866);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-1343\");\n script_bugtraq_id(22834);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: WebCalendar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft 
Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"WebCalendar\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.5\")<0) {\n txt += 'Package WebCalendar version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1343"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1267-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 15th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : webcalendar\nVulnerability : missing input sanitising\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1343\n\nIt was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge6.\n\nThe upcoming stable distribution (etch) no longer contains webcalendar\npackages.\n\nFor the unstable distribution (sid) this problem will be 
fixed soon.\n\nWe recommend that you upgrade your webcalendar package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge6.dsc\n Size/MD5 checksum: 608 98123f7302a7b8f90beb5100f6922ad5\n http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge6.diff.gz\n Size/MD5 checksum: 12730 17a8a7a4aebf500e71e00314786c4b1c\n http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz\n Size/MD5 checksum: 612360 a6a66dc54cd293429b604fe6da7633a6\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge6_all.deb\n Size/MD5 checksum: 628890 1ac0d19d172483c9045997532d2b5e68\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2007-03-15T00:00:00", "published": "2007-03-15T00:00:00", "id": "DEBIAN:DSA-1267-1:FBDAA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00022.html", "title": "[SECURITY] [DSA 1267-1] 
New webcalendar packages fix remote file inclusion", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1343"], "description": "\nSecunia reports:\n\nA vulnerability has been discovered in WebCalendar,\n\t which can be exploited by malicious people to compromise\n\t a vulnerable system.\nInput passed to unspecified parameters is not properly\n\t verified before being used with the \"noSet\" parameter set.\n\t This can be exploited to overwrite certain variables, and\n\t allows e.g. the inclusion of arbitrary PHP files from internal\n\t or external resources.\n\n", "edition": 4, "modified": "2007-03-04T00:00:00", "published": "2007-03-04T00:00:00", "id": "72999D57-D6F6-11DB-961B-005056847B26", "href": "https://vuxml.freebsd.org/freebsd/72999d57-d6f6-11db-961b-005056847b26.html", "title": "WebCalendar -- \"noSet\" variable overwrite vulnerability", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:44:45", "description": "It was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.", "edition": 24, "published": "2007-03-18T00:00:00", "title": "Debian DSA-1267-1 : webcalendar - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1343"], "modified": "2007-03-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:webcalendar"], "id": "DEBIAN_DSA-1267.NASL", "href": "https://www.tenable.com/plugins/nessus/24834", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1267. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24834);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1343\");\n script_xref(name:\"DSA\", value:\"1267\");\n\n script_name(english:\"Debian DSA-1267-1 : webcalendar - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the webcalendar package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge6.\n\nThe upcoming stable distribution (etch) no longer contains webcalendar\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webcalendar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local 
Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"webcalendar\", reference:\"0.9.45-4sarge6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:45:37", "description": "Secunia reports :\n\nA vulnerability has been discovered in WebCalendar, which can be\nexploited by malicious people to compromise a vulnerable system.\n\nInput passed to unspecified parameters is not properly verified before\nbeing used with the 'noSet' parameter set. This can be exploited to\noverwrite certain variables, and allows e.g. 
the inclusion of\narbitrary PHP files from internal or external resources.", "edition": 27, "published": "2007-04-10T00:00:00", "title": "FreeBSD : WebCalendar -- 'noSet' variable overwrite vulnerability (72999d57-d6f6-11db-961b-005056847b26)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1343"], "modified": "2007-04-10T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:WebCalendar"], "id": "FREEBSD_PKG_72999D57D6F611DB961B005056847B26.NASL", "href": "https://www.tenable.com/plugins/nessus/25016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25016);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1343\");\n script_bugtraq_id(22834);\n\n script_name(english:\"FreeBSD : WebCalendar -- 'noSet' variable overwrite vulnerability (72999d57-d6f6-11db-961b-005056847b26)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been discovered in WebCalendar, which can be\nexploited by malicious people to compromise a vulnerable system.\n\nInput passed to unspecified parameters is not properly verified before\nbeing used with the 'noSet' parameter set. This can be exploited to\noverwrite certain variables, and allows e.g. 
the inclusion of\narbitrary PHP files from internal or external resources.\"\n );\n # http://sourceforge.net/project/shownotes.php?release_id=491130\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95774e6e\"\n );\n # http://xforce.iss.net/xforce/xfdb/32832\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea5cabbe\"\n );\n # https://vuxml.freebsd.org/freebsd/72999d57-d6f6-11db-961b-005056847b26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d60125c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:WebCalendar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"WebCalendar<1.0.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:48:28", "description": "The version of WebCalendar installed on the remote host allows an\nattacker to overwrite the 'noSet' array used by the application to\nprotect selected global variables. By leveraging this issue, an\nunauthenticated, remote attacker can gain control of protected global\nvariables, which could lead to other attacks, such as remote file\nincludes. 
\n\nNote that successful exploitation of this issue does not require any\nspecial PHP settings.", "edition": 24, "published": "2007-03-07T00:00:00", "title": "WebCalendar includes/functions.php noSet Variable Overwrite", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1343"], "modified": "2007-03-07T00:00:00", "cpe": [], "id": "WEBCALENDAR_NOSET_OVERWRITE.NASL", "href": "https://www.tenable.com/plugins/nessus/24780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24780);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2007-1343\");\n script_bugtraq_id(22834);\n\n script_name(english:\"WebCalendar includes/functions.php noSet Variable Overwrite\");\n script_summary(english:\"Tries to overwrite variable in noSet array\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is affected by a\nvariable overwriting vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of WebCalendar installed on the remote host allows an\nattacker to overwrite the 'noSet' array used by the application to\nprotect selected global variables. By leveraging this issue, an\nunauthenticated, remote attacker can gain control of protected global\nvariables, which could lead to other attacks, such as remote file\nincludes. 
\n\nNote that successful exploitation of this issue does not require any\nspecial PHP settings.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://sourceforge.net/project/shownotes.php?release_id=491130\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WebCalendar 1.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/03/07\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/03/04\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webcalendar_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/webcalendar\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/webcalendar\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches))\n{\n dir = matches[2];\n\n # Try to generate an error by overwriting 'db_type'.\n w = http_send_recv3(method:\"GET\",\n item:string(\n dir, \"/week.php?\",\n \"noSet[]=1&\",\n \"db_type=\", SCRIPT_NAME\n ), \n port:port\n );\n if (isnull(w)) 
exit(0);\n res = w[2];\n\n # There's a problem if we could.\n if (string(\"dbi_connect(): invalid db_type '\", SCRIPT_NAME, \"'\") >< res)\n {\n security_hole(port);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-1392", "CVE-2007-1361", "CVE-2007-1300", "CVE-2007-1410", "CVE-2007-1417", "CVE-2007-1432", "CVE-2007-1343", "CVE-2007-1292", "CVE-2007-1372", "CVE-2007-1449", "CVE-2007-1374", "CVE-2007-1450", "CVE-2007-1409", "CVE-2007-1341", "CVE-2007-1433", "CVE-2007-1424", "CVE-2007-1368", "CVE-2007-1360", "CVE-2007-1436", "CVE-2007-1437", "CVE-2007-1415", "CVE-2007-1421", "CVE-2007-1434", "CVE-2007-1344"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2007-03-10T00:00:00", "published": "2007-03-10T00:00:00", "id": "SECURITYVULNS:VULN:7370", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7370", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}