{"id": "SECURITYVULNS:VULN:1300", "bulletinFamily": "software", "title": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 cesarFTP, Cerberus FTPd (buffer overflow)", "description": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u0445.", "published": "2001-07-02T00:00:00", "modified": "2001-07-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:1300", "reporter": "COBALT", "references": ["https://vulners.com/securityvulns/securityvulns:doc:1787"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:16", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 3.9, "vector": "NONE", "modified": "2018-08-31T11:09:16", "rev": 2}, "dependencies": {"references": [{"type": "pentestpartners", "idList": ["PENTESTPARTNERS:4A2BF23A4BBCC93D88E3AA6C5E124734"]}, {"type": "nessus", "idList": ["SUSE_SU-2020-1300-1.NASL"]}, {"type": "mskb", "idList": ["KB3127968", "KB3203386", "KB3178710", "KB4484117", "KB3115427", "KB3115016", "KB3213555", "KB3191885", "KB3114486", "KB3118268"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:1787"]}], "modified": "2018-08-31T11:09:16", "rev": 2}, "vulnersScore": 3.9}, "affectedSoftware": [{"name": "CesarFTP", "operator": "eq", "version": "0.98"}]}

{"rst": [{"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **p8-sz[.]inc.antpool.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-09-03T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-03T00:00:00", "id": "RST:AAD3B414-1300-3CD8-B944-CA4C9FA09062", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: p8-sz.inc.antpool.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **117[.]211.40.134:52356** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-16T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **malware**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-16T00:00:00", "id": "RST:494FC2C4-1300-3180-ADB8-F8D32FA3876A", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: 117.211.40.134:52356", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **tabcasove[.]publicnode.ydns.eu** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-17T00:00:00", "id": "RST:966BD9EE-1300-3E09-8343-7643D8007D7C", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: tabcasove.publicnode.ydns.eu", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://42[.]230.52.184:49780/i** in [RST Threat Feed](https://rstcloud.net/profeed) with score **66**.\n First seen: 2021-02-24T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **malware**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-24T00:00:00", "id": "RST:E3A8F45B-1300-3F87-AEB3-919014D469F4", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: http://42.230.52.184:49780/i", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **0[.]0.0.0 junezhu.pms.api.btc.top** in [RST Threat Feed](https://rstcloud.net/profeed) with score **48**.\n First seen: 2021-02-23T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **cryptomining**.\nDomain has DNS A records: 52[.]1.161.122\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-23T00:00:00", "id": "RST:471A853F-1300-3A50-89DD-73E801A4A5B4", "href": "", "published": "2021-02-23T00:00:00", "title": "RST Threat feed. IOC: 0.0.0.0 junezhu.pms.api.btc.top", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **119[.]23.229.241** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-15T03:00:00, Last seen: 2021-02-21T03:00:00.\n IOC tags: **generic**.\nASN 37963: (First IP 119.23.0.0, Last IP 119.23.255.255).\nASN Name \"CNNICALIBABACNNETAP\" and Organisation \"Hangzhou Alibaba Advertising CoLtd\".\nASN hosts 2755153 domains.\nGEO IP information: City \"\", Country \"China\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-15T00:00:00", "id": "RST:0DEE79AA-1300-3881-8F1F-28A689A1B123", "href": "", "published": "2021-02-22T00:00:00", "title": "RST Threat feed. IOC: 119.23.229.241", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **179[.]106.12.108** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **38**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-02-17T03:00:00.\n IOC tags: **botnet, generic**.\nWe found that the IOC is used by: **mirai**.\nASN 262604: (First IP 179.106.0.0, Last IP 179.106.15.255).\nASN Name \"\" and Organisation \"Clickcom telecomunicaes ltdame\".\nASN hosts 1 domains.\nGEO IP information: City \"Timbauba\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-17T00:00:00", "id": "RST:FC607724-1300-375F-AC75-15014D115E8F", "href": "", "published": "2021-02-18T00:00:00", "title": "RST Threat feed. IOC: 179.106.12.108", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-14T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **belkar[.]site** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-14T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:09E2FCAE-1300-321C-98C6-37A9E0C1AD87", "href": "", "published": "2021-02-15T00:00:00", "title": "RST Threat feed. IOC: belkar.site", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-15T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **0[.]0.0.0 www.for-pccare-online.xyz** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-15T03:00:00, Last seen: 2021-02-15T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-15T00:00:00", "id": "RST:B235DCAD-1300-3A3E-95CE-E539BF69DDF4", "href": "", "published": "2021-02-15T00:00:00", "title": "RST Threat feed. IOC: 0.0.0.0 www.for-pccare-online.xyz", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-15T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **0[.]0.0.0 xxxfiles.se** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-15T03:00:00, Last seen: 2021-02-15T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-15T00:00:00", "id": "RST:2E67AEC5-1300-32FB-821D-304FAC90F139", "href": "", "published": "2021-02-15T00:00:00", "title": "RST Threat feed. IOC: 0.0.0.0 xxxfiles.se", "type": "rst", "cvss": {}}], "nessus": [{"lastseen": "2021-02-25T17:09:30", "description": "According to the version of the gnome-keyring packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2,\n the user's password is kept in a session-child process\n spawned from the LightDM daemon. This can expose the\n credential in cleartext.(CVE-2018-20781)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-22T00:00:00", "title": "EulerOS 2.0 SP2 : gnome-keyring (EulerOS-SA-2021-1300)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20781"], "modified": "2021-02-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gnome-keyring", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:gnome-keyring-pam"], "id": "EULEROS_SA-2021-1300.NASL", "href": "https://www.tenable.com/plugins/nessus/146659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146659);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2018-20781\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gnome-keyring (EulerOS-SA-2021-1300)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the gnome-keyring packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2,\n the user's password is kept in a session-child process\n spawned from the LightDM daemon. This can expose the\n credential in cleartext.(CVE-2018-20781)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1300\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36e80224\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnome-keyring package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnome-keyring-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnome-keyring-3.14.0-1.h3\",\n \"gnome-keyring-pam-3.14.0-1.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-keyring\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}