Bug 995634 - (CVE-2013-4885) CVE-2013-4885 nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
impact=low,public=20130807,reported=2...
: Security
Depends On: 997739 997775
Blocks: 995636
Reported: 2013-08-09 18:46 EDT by Vincent Danen
Modified: 2015-08-24 15:51 EDT
Fixed In Version: nmap 6.40
Doc Type: Bug Fix
Last Closed: 2015-01-26 15:02:04 EST
Attachments:
nmap r31576 patch (8.75 KB, patch), 2013-08-09 18:48 EDT, Vincent Danen

Description Vincent Danen 2013-08-09 18:46:35 EDT
A flaw in the http-domino-enum-passwords NSE script for Nmap was discovered [1].  If this script was run with the non-default domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to be written to the client system with the permissions of the user running the nmap client.

This was corrected in upstream version 6.40 [2] (svn r31576).  This svn revision also updates a few other NSE scripts for extra safety.


[1] http://packetstormsecurity.com/files/122719/TWSL2013-025.txt
[2] http://nmap.org/changelog.html
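
The flaw class described above, as an added example (not code from nmap, its patch, or this bug report): a client that saves downloaded data under a user-chosen directory must not let the server pick the file name unescaped. It assumes the file name is derived from a value in the server's response; all function names are hypothetical, and Python is used for illustration rather than NSE's Lua.

```python
import os
import re
import tempfile

_UNSAFE = re.compile(r"[^A-Za-z0-9_-]")  # allow-list; everything else is escaped

def escape_name(untrusted: str) -> str:
    """Percent-escape separators, dots, NUL and any other non-allow-listed byte."""
    def esc(m):
        return "".join("%%%02x" % b for b in m.group().encode("utf-8"))
    return _UNSAFE.sub(esc, untrusted) or "unnamed"

def inside(base: str, path: str) -> bool:
    """True if path resolves to a location under base (symlinks resolved)."""
    base, path = os.path.realpath(base), os.path.realpath(path)
    return path != base and os.path.commonpath([base, path]) == base

def naive_path(idpath: str, server_name: str) -> str:
    """The risky pattern: server-controlled text joined to the directory as-is."""
    return os.path.join(idpath, server_name + ".id")

def safe_path(idpath: str, server_name: str) -> str:
    """Escape the name, then confirm the result still lies inside idpath."""
    target = os.path.join(idpath, escape_name(server_name) + ".id")
    if not inside(idpath, target):
        raise ValueError("refusing to write outside " + idpath)
    return target

def save_file(idpath: str, server_name: str, data: bytes) -> str:
    """Create the file exclusively: never overwrite, never follow a symlink."""
    target = safe_path(idpath, server_name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o600), "wb") as fh:
        fh.write(data)
    return target

def demo():
    """Compare both patterns on constructed names a hostile server might send."""
    names = ["jsmith", "../../outside/target", "/abs/elsewhere"]
    with tempfile.TemporaryDirectory() as idpath:
        return [(n, inside(idpath, naive_path(idpath, n)),
                 inside(idpath, safe_path(idpath, n))) for n in names]

if __name__ == "__main__":
    for name, naive_ok, safe_ok in demo():
        print(f"{name!r}: naive stays inside={naive_ok}, escaped stays inside={safe_ok}")
```

The exclusive create in `save_file` also covers the case where the escaped name collides with an existing file or a planted symlink inside the directory.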
Comment 1 Vincent Danen 2013-08-09 18:48:06 EDT
Created attachment 785030
nmap r31576 patch

The svn patch that corrects this flaw and hardens a few other NSE scripts.
Comment 2 Vincent Danen 2013-08-09 18:52:28 EDT
This did not affect the version of nmap in Red Hat Enterprise Linux 5 as it did not have support for NSE scripts.
Comment 3 Huzaifa S. Sidhpurwala 2013-08-16 01:54:41 EDT
Created nmap tracking bugs for this issue:

Affects: fedora-all [bug 997739]
Comment 5 Huzaifa S. Sidhpurwala 2013-08-16 04:09:08 EDT
Statement:

This did not affect the version of nmap as shipped with Red Hat Enterprise Linux 5, as it did not have support for NSE scripts. This issue affects the version of nmap as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Comment 7 Fedora Update System 2013-08-27 19:27:44 EDT
nmap-6.40-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Josh Bressers 2015-01-26 15:01:24 EST
I'm willing to say we should wontfix this. If the customer has a reason to see this fixed, please let us know.
Comment 13 Jeff 2015-06-24 13:06:07 EDT
If you are using Qualys to scan your systems running Red Hat 6.x, then Qualys reports the systems are at risk with a severity rating of 3. Can RH discuss a release/update?
