Vulnerabilities > CVE-2002-0334 - Unspecified vulnerability in Xtell 1.91.1/2.6.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN xtell
nessus
Summary
xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-121.NASL description Several security related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems contain several buffer overflows, a problem in connection with symbolic links, unauthorized directory traversal when the path contains last seen 2020-06-01 modified 2020-06-02 plugin id 14958 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14958 title Debian DSA-121-1 : xtell - buffer overflow, symlink problem, '..' directory traversal code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-121. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14958); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2002-0332", "CVE-2002-0333", "CVE-2002-0334"); script_xref(name:"DSA", value:"121"); script_name(english:"Debian DSA-121-1 : xtell - buffer overflow, symlink problem, '..' directory traversal"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several security related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems contain several buffer overflows, a problem in connection with symbolic links, unauthorized directory traversal when the path contains '..'. These problems could lead into an attacker being able to execute arbitrary code on the server machine. The server runs with nobody privileges by default, so this would be the account to be exploited. They have been corrected by backporting changes from a newer upstream version by the Debian maintainer for xtell. These problems are fixed in version 1.91.1 in the stable distribution of Debian and in version 2.7 for the testing and unstable distribution of Debian." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-121" ); script_set_attribute( attribute:"solution", value:"Upgrade the xtell packages immediately." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xtell"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/03/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"xtell", reference:"1.91.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-090.NASL description The xtel (an X emulator for minitel) package as distributed with Debian GNU/Linux 2.2 has two possible symlink attacks : - xteld creates a temporary file /tmp/.xtel-<user> without checking for symlinks. - when printing a hardcopy xtel would create a temporary file without protecting itself against symlink attacks. Both problems have been fixed in version 3.2.1-4.potato.1 . last seen 2020-06-01 modified 2020-06-02 plugin id 14927 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14927 title Debian DSA-090-1 : xtel - symlink attack code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-090. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14927); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2002-0334"); script_bugtraq_id(3626); script_xref(name:"DSA", value:"090"); script_name(english:"Debian DSA-090-1 : xtel - symlink attack"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The xtel (an X emulator for minitel) package as distributed with Debian GNU/Linux 2.2 has two possible symlink attacks : - xteld creates a temporary file /tmp/.xtel-<user> without checking for symlinks. - when printing a hardcopy xtel would create a temporary file without protecting itself against symlink attacks. Both problems have been fixed in version 3.2.1-4.potato.1 ." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-090" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected xtel package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xtel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"xtel", reference:"3.2.1-4.potato.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://marc.info/?l=bugtraq&m=101494896516467&w=2
- http://marc.info/?l=bugtraq&m=101494896516467&w=2
- http://www.debian.org/security/2002/dsa-121
- http://www.debian.org/security/2002/dsa-121
- http://www.iss.net/security_center/static/8314.php
- http://www.iss.net/security_center/static/8314.php
- http://www.securityfocus.com/bid/4197
- http://www.securityfocus.com/bid/4197