Bug 995634 (CVE-2013-4885) - CVE-2013-4885 nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script [NEEDINFO]
Status: CLOSED WONTFIX
Alias: CVE-2013-4885
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 997739 997775
Blocks: 995636
Reported: 2013-08-09 22:46 UTC by Vincent Danen
Modified: 2019-09-29 13:07 UTC (History)

Fixed In Version: nmap 6.40
Doc Type: Bug Fix
Last Closed: 2015-01-26 20:02:04 UTC
dmoppert: needinfo? (bpowers)


Attachments
nmap r31576 patch (8.75 KB, patch)
2013-08-09 22:48 UTC, Vincent Danen

Description Vincent Danen 2013-08-09 22:46:35 UTC
A flaw in the http-domino-enum-passwords NSE script for Nmap was discovered [1].  If this script was run with the non-default domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to be written to the client system with the permissions of the user running the nmap client.

This was corrected in upstream version 6.40 [2] (svn r31576).  This svn revision also updates a few other NSE scripts for extra safety.


[1] http://packetstormsecurity.com/files/122719/TWSL2013-025.txt
[2] http://nmap.org/changelog.html

Comment 1 Vincent Danen 2013-08-09 22:48:06 UTC
Created attachment 785030
nmap r31576 patch

The svn patch that corrects this flaw and hardens a few other NSE scripts.

Comment 2 Vincent Danen 2013-08-09 22:52:28 UTC
This did not affect the version of nmap in Red Hat Enterprise Linux 5 as it did not have support for NSE scripts.

Comment 3 Huzaifa S. Sidhpurwala 2013-08-16 05:54:41 UTC
Created nmap tracking bugs for this issue:

Affects: fedora-all [bug 997739]

Comment 5 Huzaifa S. Sidhpurwala 2013-08-16 08:09:08 UTC
Statement:

This did not affect the version of nmap as shipped with Red Hat Enterprise Linux 5, as it did not have support for NSE scripts. This issue affects the version of nmap as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.

Comment 7 Fedora Update System 2013-08-27 23:27:44 UTC
nmap-6.40-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Josh Bressers 2015-01-26 20:01:24 UTC
I'm willing to say we should wontfix this. If the customer has a reason to see this fixed, please let us know.

Comment 13 Jeff 2015-06-24 17:06:07 UTC
If you are using Qualys to scan your systems running Red Hat 6.x then Qualys reports the systems are at risk with a severity rating of a 3. Can RH discuss a release/update?
