Vulnerabilities > CVE-2002-0333 - Remote vulnerability in xtell Trusted TTY Device Name

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
xtell
nessus
exploit available
NVD
Published: 2002-06-25
Updated: 2016-10-18

Summary

Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.

Vulnerable Configurations

Part Description Count
Application
Xtell
2

Exploit-Db

descriptionxtell 2.6.1 User Status Remote Information Disclosure Vulnerability. CVE-2002-0333. Remote exploit for linux platform
idEDB-ID:21310
last seen2016-02-02
modified2002-02-27
published2002-02-27
reporterspybreak
sourcehttps://www.exploit-db.com/download/21310/
titlextell 2.6.1 User Status Remote Information Disclosure Vulnerability

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-121.NASL
descriptionSeveral security related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems contain several buffer overflows, a problem in connection with symbolic links, unauthorized directory traversal when the path contains
last seen2020-06-01
modified2020-06-02
plugin id14958
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14958
titleDebian DSA-121-1 : xtell - buffer overflow, symlink problem, '..' directory traversal
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-121. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14958);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  script_cve_id("CVE-2002-0332", "CVE-2002-0333", "CVE-2002-0334");
  script_xref(name:"DSA", value:"121");

  script_name(english:"Debian DSA-121-1 : xtell - buffer overflow, symlink problem, '..' directory traversal");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several security related problems have been found in the xtell
package, a simple messaging client and server. In detail, these
problems contain several buffer overflows, a problem in connection
with symbolic links, unauthorized directory traversal when the path
contains '..'. These problems could lead into an attacker being able
to execute arbitrary code on the server machine. The server runs with
nobody privileges by default, so this would be the account to be
exploited.

They have been corrected by backporting changes from a newer upstream
version by the Debian maintainer for xtell. These problems are fixed
in version 1.91.1 in the stable distribution of Debian and in version
2.7 for the testing and unstable distribution of Debian."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-121"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the xtell packages immediately."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xtell");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"xtell", reference:"1.91.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References