Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1371.NASL
HistorySep 14, 2007 - 12:00 a.m.

Debian DSA-1371-1 : phpwiki - several vulnerabilities

2007-09-1400:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
41

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.5%

JSON

Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads.

  • CVE-2007-2025 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads.

  • CVE-2007-3193 If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1371. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(26032);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2007-2024", "CVE-2007-2025", "CVE-2007-3193");
  script_xref(name:"DSA", value:"1371");

  script_name(english:"Debian DSA-1371-1 : phpwiki - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in phpWiki, a wiki engine
written in PHP. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2007-2024
    It was discovered that phpWiki performs insufficient
    file name validation, which allows unrestricted file
    uploads.

  - CVE-2007-2025
    It was discovered that phpWiki performs insufficient
    file name validation, which allows unrestricted file
    uploads.

  - CVE-2007-3193
    If the configuration lacks a nonzero
    PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote
    attackers to bypass authentication via an empty
    password, which causes ldap_bind to return true when
    used with certain LDAP implementations."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441390"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-2024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-2025"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-3193"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2007/dsa-1371"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the phpwiki package.

The old stable distribution (sarge) does not contain phpwiki packages.

For the stable distribution (etch) these problems have been fixed in
version 1.3.12p3-5etch1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:phpwiki");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"phpwiki", reference:"1.3.12p3-5etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxphpwikip-cpe:/a:debian:debian_linux:phpwiki
debiandebian_linux4.0cpe:/o:debian:debian_linux:4.0

Related

debian 1
openvas 6
osv 1
gentoo 2
nessus 2
prion 3
cvelist 3
ubuntucve 3
nvd 3
cve 3
cert 1
securityvulns 1
debian
debian
[SECURITY] [DSA 1371-1] New phpwiki packages fix several vulnerabilities
2007-09-11 18:46:30
openvas
openvas
Debian Security Advisory DSA 1371-1 (phpwiki)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1371-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200705-16 (phpwiki)
2008-09-24 00:00:00
osv
osv
phpwiki - several vulnerabilities
2007-09-11 00:00:00
gentoo
gentoo
PhpWiki: Remote execution of arbitrary code
2007-05-17 00:00:00
PhpWiki: Authentication bypass
2007-09-18 00:00:00
nessus
nessus
GLSA-200705-16 : PhpWiki: Remote execution of arbitrary code
2007-05-20 00:00:00
GLSA-200709-10 : PhpWiki: Authentication bypass
2007-09-24 00:00:00
prion
prion
Unrestricted file upload
2007-04-13 18:19:00
Authentication flaw
2007-06-12 23:30:00
Unrestricted file upload
2007-04-13 18:19:00
cvelist
cvelist
CVE-2007-2025
2007-04-13 18:00:00
CVE-2007-3193
2007-06-12 23:00:00
CVE-2007-2024
2007-04-13 18:00:00
ubuntucve
ubuntucve
CVE-2007-2025
2007-04-13 00:00:00
CVE-2007-3193
2007-06-12 00:00:00
CVE-2007-2024
2007-04-13 00:00:00
nvd
nvd
CVE-2007-2025
2007-04-13 18:19:00
CVE-2007-3193
2007-06-12 23:30:00
CVE-2007-2024
2007-04-13 18:19:00
cve
cve
CVE-2007-2025
2007-04-13 18:19:00
CVE-2007-3193
2007-06-12 23:30:00
CVE-2007-2024
2007-04-13 18:19:00
cert
cert
PhpWiki fails to properly restrict uploaded files
2007-04-12 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2007-04-12 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.5%

JSON
Related for DEBIAN_DSA-1371.NASL
debian1openvas6osv1gentoo2nessus2prion3cvelist3ubuntucve3nvd3cve3cert1securityvulns1