CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.5%
The remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications
According to its banner, several of the components in the version of Rendezvous installed on the remote host contain a buffer overflow vulnerability in the HTTP administrative interface that may allow arbitrary code execution subject to the privileges of the user that invoked the daemon, or ‘nobody’ in the case the remote system is ‘unix’ and the invoking user was ‘root’.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(21677);
script_version("1.22");
script_cve_id("CVE-2006-2830");
script_bugtraq_id(18301);
script_xref(name:"CERT", value:"999884");
script_name(english:"Rendezvous < 7.5.1 HTTP Admin Interface Remote Overflow");
script_summary(english:"Checks version number in Rendezvous' HTTP banner");
script_set_attribute(attribute:"synopsis", value:
"The remote server is prone to a buffer overflow attack." );
script_set_attribute(attribute:"description", value:
"The remote host appears to be running Rendezvous, a commercial
messaging software product used for building distributed applications
According to its banner, several of the components in the version of
Rendezvous installed on the remote host contain a buffer overflow
vulnerability in the HTTP administrative interface that may allow
arbitrary code execution subject to the privileges of the user that
invoked the daemon, or 'nobody' in the case the remote system is
'unix' and the invoking user was 'root'." );
script_set_attribute(attribute:"see_also", value:"https://www.tibco.com/support/advisories/2006/06/tibco-security-advisory-june-5-2006-tibco-rendezvous" );
script_set_attribute(attribute:"solution", value:
"Upgrade to Rendezvous 7.5.1 or later." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cpe", value:"cpe:/a:tibco:rendezvous");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/10");
script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/05");
script_set_attribute(attribute:"patch_publication_date", value: "2006/06/05");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/21");
script_set_attribute(attribute:"plugin_type", value: "remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gain a shell remotely");
script_copyright(english:"This script is Copyright (C) 2006-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("http_version.nasl");
script_require_ports("Services/www", 7580, 7585);
exit(0);
}
include('global_settings.inc');
include('misc_func.inc');
include('http.inc');
port = get_http_port(default:7580);
# There's a problem if the banner is for Rendezvous < 7.5.1.
banner = get_http_banner(port:port, exit_on_fail: 1);
if (
egrep(pattern:"^Server: .+Rendezvous HTTP Server ([0-6]\.|7\.([0-4]\.|5\.0))", string:banner)
) security_hole(port);