Summary: | <net-analyzer/openvas-manager-4.0.4 : security bypass (CVE-2013-6765) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | alexanderyt, hanno |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/11/10/2 | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Bumped. Old versions can be removed in a few days if no issues pop up. It has been a little more then a month if there are no issues maintainer(s), please drop the vulnerable version. Vulnerable versions dropped. Closing. CVE-2013-6765 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6765): OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. |
From ${URL} : > For OpenVAS Manager, this is a security release addressing a serious > security bug and it is highly recommended to update any installation of > OpenVAS Manager 3.0 and 4.0 with the corresponding release. > > A software bug in OpenVAS Manager allowed an attacker to bypass the OMP > authentication procedure. The attack vector was remotely available in > case OpenVAS Manager was listening on a public network interface. In > case of successful attack, the attacker gained partial rights to execute > OMP commands. The bypass authentication was, however, incomplete and > several OMP commands failed to execute properly. @maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. Please remove the affected versions from the tree.