Vulnerabilities > CVE-2000-0883 - Unspecified vulnerability in Mandrakesoft Mandrake Linux 6.1/7.0/7.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 |
Exploit-Db
description | Mandrake 6.1/7.0/7.1 /perl http Directory Disclosure Vulnerability. CVE-2000-0883. Remote exploit for linux platform |
id | EDB-ID:20220 |
last seen | 2016-02-02 |
modified | 2000-09-11 |
published | 2000-09-11 |
reporter | anonymous |
source | https://www.exploit-db.com/download/20220/ |
title | Mandrake 6.1/7.0/7.1 /perl http Directory Disclosure Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2000-046.NASL description The configuration file, /etc/httpd/conf/addon-modules/mod_perl.conf contained an Options directive that was not entirely secure and allowed people to browse the /perl/ directory. This update adds the last seen 2020-06-01 modified 2020-06-02 plugin id 61838 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61838 title Mandrake Linux Security Advisory : mod_perl (MDKSA-2000:046) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2000:046. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61838); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2000-0883"); script_xref(name:"MDKSA", value:"2000:046"); script_name(english:"Mandrake Linux Security Advisory : mod_perl (MDKSA-2000:046)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "The configuration file, /etc/httpd/conf/addon-modules/mod_perl.conf contained an Options directive that was not entirely secure and allowed people to browse the /perl/ directory. This update adds the '-Indexes' directive to the Options command, thus making the directory non- browseable." ); script_set_attribute( attribute:"solution", value:"Update the affected mod_perl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"patch_publication_date", value:"2000/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mod_perl-1.21-17mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mod_perl-1.21-21mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mod_perl-1.22-29mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers NASL id PERL_BROWSEABLE.NASL description The /perl directory is browsable. This will show you the name of the installed common perl scripts and those that are written by the webmaster and thus may be exploitable. This plugin has been deprecated. Webmirror3 (plugin ID 10662) will identify a browsable directory. last seen 2017-01-01 modified 2016-12-30 plugin id 10511 published 2000-09-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=10511 title mod_perl for Apache HTTP Server /perl/ Directory Listing (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2016/04/01. Webmirror3.nbin will identify browsable # directories. include("compat.inc"); if(description) { script_id(10511); script_version ("1.24"); script_cvs_date("Date: 2018/07/24 18:56:13"); script_cve_id("CVE-2000-0883"); script_bugtraq_id(1678); script_name(english:"mod_perl for Apache HTTP Server /perl/ Directory Listing (deprecated)"); script_summary(english:"Checks if /perl browsable."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "The /perl directory is browsable. This will show you the name of the installed common perl scripts and those that are written by the webmaster and thus may be exploitable. This plugin has been deprecated. Webmirror3 (plugin ID 10662) will identify a browsable directory."); script_set_attribute(attribute:"solution", value:"n/a"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value: "2000/09/11"); script_set_attribute(attribute:"plugin_publication_date", value: "2000/09/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc."); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); exit(0); } # Deprecated. exit(0, "This plugin has been deprecated. Webmirror3 (plugin ID 10662) will identify a browsable directory."); # # The script code starts here include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); r = http_send_recv3(method: "GET", item:"/perl/", port:port); if (isnull(r)) exit(1, "Server did not answer"); if (" 200 " >< r[0]) { buf = tolower(r[2]); must_see = "index of /perl"; if (must_see >< buf) { security_warning(port); set_kb_item(name: 'www/'+port+'/content/directory_index', value: '/perl:'); } }