Vulnerabilities > CVE-2000-0109 - Unspecified vulnerability in Comstock Multicsp 4.2

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
comstock
critical
nessus
exploit available

Summary

The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.

Vulnerable Configurations

Part Description Count
Application
Comstock
1

Exploit-Db

description: Standard & Poors ComStock 4.2.4 Machine Vulnerabilities. CVE-2000-0109. Local exploit for unix platform
id: EDB-ID:19823
last seen: 2016-02-02
modified: 2000-03-24
published: 2000-03-24
reporter: kadokev
source: https://www.exploit-db.com/download/19823/
title: Standard & Poors ComStock 4.2.4 Machine Vulnerabilities

Nessus

NASL family: Misc.
NASL id: MULTICSP_DETECT.NASL
description: The remote host seems to be a Standard & Poor's MultiCSP system.
last seen: 2020-06-02
modified: 2000-05-25
plugin id: 10418
published: 2000-05-25
reporter: This script is Copyright (C) 2000-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/10418
title: Standard & Poor's ComStock MultiCSP Detection
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration block: when `description` is set, the plugin only declares its
# metadata (ids, report text, scoring, scheduling requirements) and then exits.
if(description)
{
 # Plugin id, revision, and the CVE / Bugtraq references attached to findings.
 script_id(10418);
 script_version ("1.25");
 script_cve_id("CVE-2000-0109");
 script_bugtraq_id(1080);

 script_name(english:"Standard & Poor's ComStock MultiCSP Detection");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host appears to be running a client application for a stock
quote server." );
 # The report text below states that the default accounts are not tested.
 # A hit from this plugin therefore means the product was identified, not
 # that a blank or easily guessed password was confirmed on the host.
 script_set_attribute(attribute:"description", value:
"The remote host seems to be a Standard & Poor's MultiCSP system.

Make sure only authorized systems can connect to it.

In addition, these units ship with several default accounts with a
blank or easily guessed password. However, Nessus has not checked 
for these." );
 # NOTE(review): the solution text only mentions a firewall. Since the
 # description names default accounts with blank or easily guessed passwords,
 # operators would presumably also want those accounts given strong passwords
 # or disabled - confirm against vendor guidance.
 script_set_attribute(attribute:"solution", value:
"Protect this host by a firewall" );
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # complete confidentiality / integrity / availability impact.
 # NOTE(review): this scores the CVE; the check in this file only matches a banner.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 # CVSS v2 temporal vector: proof-of-concept exploit, official fix, confirmed report.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 # Publication / modification dates, plugin type and the CPE the finding maps to.
 script_set_attribute(attribute:"plugin_publication_date", value: "2000/05/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/01/31");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:comstock:multicsp");
 script_end_attributes();

 
 script_summary(english:"Detect if the remote host is a Standard & Poors' MultiCSP");
 # Registered in the information-gathering category.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2000-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Misc.");
 # Declares the telnet service KB key and TCP port 23 as the ports this plugin needs.
 script_require_ports("Services/telnet", 23);
 # presumably find_service1.nasl is what populates "Services/telnet" - confirm.
 script_dependencies("find_service1.nasl");
 # The metadata pass ends here; the check further down is not run in this mode.
 exit(0);
}

#
# The script code starts here
#
include("telnet_func.inc");

# Use the telnet port recorded in the knowledge base, falling back to 23
# when no telnet service entry exists.
port = get_kb_item("Services/telnet");
if (!port) port = 23;

# Nothing to report when the port is not open.
if (!get_port_state(port)) exit(0);

# The banner is text supplied by the remote host; it is only compared against
# a fixed product string and echoed into the report, never interpreted.
banner = get_telnet_banner(port: port);
if (!banner) exit(0);

# Detection is a substring match on the banner alone. No login is attempted,
# so a finding identifies the product; whether the default accounts are still
# enabled has to be verified separately on the host.
if ("MCSP - Standard & Poor's ComStock" >< banner)
{
 report = 'The remote telnet banner is :\n' + banner;
 security_hole(port:port, extra:report);
}