CVE-2002-0738 - Unspecified vulnerability in Mhonarc 2.5/2.5.1/2.5.2
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

mhonarc
nessus
Summary
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-163.NASL
- description: Jason Molenda and Hiromitsu Takagi found ways to exploit cross site scripting bugs in mhonarc, a mail to HTML converter. When processing maliciously crafted mails of type text/html mhonarc does not deactivate all scripting parts properly. This is fixed in upstream version 2.5.3. If you are worried about security, it is recommended that you disable support of text/html messages in your mail archives. There is no guarantee that the mhtxthtml.pl library is robust enough to eliminate all possible exploits that can occur with HTML data. To exclude HTML data, you can use the MIMEEXCS resource. For example : <MIMEExcs> text/html text/x-html </MIMEExcs> The type
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15000
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15000
- title: Debian DSA-163-1 : mhonarc - XSS
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-163. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15000);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2002-0738");
  script_bugtraq_id(4546);
  script_xref(name:"DSA", value:"163");

  script_name(english:"Debian DSA-163-1 : mhonarc - XSS");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Jason Molenda and Hiromitsu Takagi found ways to exploit cross site
scripting bugs in mhonarc, a mail to HTML converter. When processing
maliciously crafted mails of type text/html mhonarc does not
deactivate all scripting parts properly. This is fixed in upstream
version 2.5.3.

If you are worried about security, it is recommended that you disable
support of text/html messages in your mail archives. There is no
guarantee that the mhtxthtml.pl library is robust enough to eliminate
all possible exploits that can occur with HTML data.

To exclude HTML data, you can use the MIMEEXCS resource. For example :

    <MIMEExcs>
    text/html
    text/x-html
    </MIMEExcs>

The type 'text/x-html' is probably not used any more, but is good to
include it, just-in-case.

If you are concerned that this could block out the entire contents of
some messages, then you could do the following instead :

    <MIMEFilters>
    text/html; m2h_text_plain::filter; mhtxtplain.pl
    text/x-html; m2h_text_plain::filter; mhtxtplain.pl
    </MIMEFilters>

This treats the HTML as text/plain.

The above problems have been fixed in version 2.5.2-1.1 for the
current stable distribution (woody), in version 2.4.4-1.1 for the old
stable distribution (potato) and in version 2.5.11-1 for the unstable
distribution (sid)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://online.securityfocus.com/archive/1/268455"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-163"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the mhonarc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mhonarc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/04/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"2.2", prefix:"mhonarc", reference:"2.4.4-1.1")) flag++;
if (deb_check(release:"3.0", prefix:"mhonarc", reference:"2.5.2-1.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: CGI abuses : XSS
- NASL id: TORTURE_CGI_CROSS_SITE_SCRIPTING2.NASL
- description: The remote web server hosts CGI scripts that fail to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 47831
- published: 2010-07-26
- reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/47831
- title: CGI Generic XSS (comprehensive test)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
- http://www.debian.org/security/2002/dsa-163
- http://www.iss.net/security_center/static/8894.php
- http://www.mhonarc.org/MHonArc/CHANGES
- http://www.securityfocus.com/bid/4546