Bug 995634 (CVE-2013-4885)
| Field | Value |
|---|---|
| Summary | CVE-2013-4885 nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED WONTFIX |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Vincent Danen <vdanen> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | athmanem, bpowers, bressers, dmoppert, ebenes, huzaifas, jeff.blosser, jkurik, jrusnack, magoldma, mhlavink, psabata |
| Keywords | Security |
| Fixed In Version | nmap 6.40 |
| Doc Type | Bug Fix |
| Last Closed | 2015-01-26 20:02:04 UTC |
| Bug Depends On | 997739, 997775 |
| Bug Blocks | 995636 |

Description
Vincent Danen
2013-08-09 22:46:35 UTC
Created attachment 785030 [details]
nmap r31576 patch
The svn patch that corrects this flaw and hardens a few other NSE scripts.

This did not affect the version of nmap in Red Hat Enterprise Linux 5 as it did not have support for NSE scripts.

Created nmap tracking bugs for this issue:

Affects: fedora-all [bug 997739]

Statement:

This did not affect the version of nmap as shipped with Red Hat Enterprise Linux 5, as it did not have support for NSE scripts. This issue affects the version of nmap as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.

nmap-6.40-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

I'm willing to say we should wontfix this. If the customer has a reason to see this fixed, please let us know.

If you are using Qualys to scan your systems running RedHat 6.x then Qualys reports the systems are at risk with a severity rating of a 3. Can RH discuss a release/update?

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days