Vulnerabilities > CVE-2002-0874 - Arbitrary file read vulnerability in Interchange
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Summary
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | Red Hat Interchange 4.8.x Arbitrary File Read Vulnerability. CVE-2002-0874. Remote exploit for linux platform |
id | EDB-ID:21706 |
last seen | 2016-02-02 |
modified | 2002-08-13 |
published | 2002-08-13 |
reporter | anonymous |
source | https://www.exploit-db.com/download/21706/ |
title | Red Hat Interchange 4.8.x - Arbitrary File Read Vulnerability |
Nessus
NASL family | Service detection |
NASL id | INTERCHANGE_DETECT.NASL |
description | It seems that |
last seen | 2020-06-02 |
modified | 2002-09-21 |
plugin id | 11128 |
published | 2002-09-21 |
reporter | This script is Copyright (C) 2002-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11128 |
title | Red Hat Interchange INET Mode Detection |
code |
#
# (C) Tenable Network Security, Inc.
#
# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]>
#      Added BugtraqID
#
# Purpose: flag a port on which Interchange answers in INET mode.
# This is service detection only. As the description text below states,
# the Interchange version is not checked and the flaw is not exercised,
# so a finding means "INET-mode listener reachable", not "confirmed
# vulnerable".
#
# Fingerprint notes (the service is *not* a web server, although
# find_service takes it for one):
#
#   HEAD / HTTP/1.0     (the only request it seems to recognize)
#     HTTP/1.0 200 OK
#     Last-modified: [15/August/2002:17:41:40 +0200]
#     Content-type: application/octet-stream
#
#   GET / HTTP/1.0      (or anything else, even not HTTP: GROUMPF\r\n)
#     HTTP/1.0 404 Not found
#     Content-type: application/octet-stream
#
#     / not a Interchange catalog or help file.
#

include("compat.inc");

# Registration block: metadata only, no traffic is sent from here.
if (description)
{
  script_id(11128);
  script_version("1.23");

  script_cve_id("CVE-2002-0874");
  script_bugtraq_id(5453);
  script_xref(name:"DSA", value:"150");

  script_name(english:"Red Hat Interchange INET Mode Detection");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is running Red Hat Interchange."
  );
  # NOTE(review): this text says 4.8.5 and earlier are flawed, while the
  # CVE-2002-0874 summary names 4.8.6 and 4.8.3 -- confirm the fixed
  # release against the vendor advisory before closing a finding.
  script_set_attribute(
    attribute:"description",
    value:"It seems that 'Red Hat Interchange' ecommerce and dynamic content management application is running in 'Inet' mode on this port. Versions 4.8.5 and earlier are flawed and may disclose contents of sensitive files to attackers. ** Nessus neither checked Interchange version nor tried ** to exploit the vulnerability"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f3cc17f8"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade your software if necessary or configure it for 'Unix mode' communication only."
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value:"2002/09/21");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:interchange_development_group:interchange");
  script_end_attributes();

  script_summary(english:"Redhat Interchange e-commerce application detection");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2002-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Service detection");

  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 7786);
  exit(0);
}

####

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:7786);

# A request line with a made-up method: per the notes above, anything
# other than HEAD is answered with the 404 page carrying the marker text.
probe = 'NESSUS / HTTP/1.0\r\n\r\n';
res = http_send_recv_buf(port:port, data:probe, exit_on_fail:TRUE);

# The three response elements are joined back into one string for matching
# (presumably status line, headers and body -- confirm against http.inc).
reply = strcat(res[0], res[1], '\r\n', res[2]);

# '><' is NASL's substring test: report when the marker occurs in the reply.
marker = "/ not a Interchange catalog or help file";
if (marker >< reply)
{
  security_warning(port);
}
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-150.NASL |
description | A problem has been discovered in Interchange, an e-commerce and general HTTP database display system, which can lead to an attacker being able to read any file to which the user of the Interchange daemon has sufficient permissions, when Interchange runs in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14987 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14987 |
title | Debian DSA-150-1 : interchange - illegal file exposition |
code |
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-150. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Purpose: local package check for DSA-150 on Debian 3.0. The code below
# only looks at package versions; it never inspects the Interchange
# configuration, so a hit does not show whether 'INET mode' (the
# precondition named in the description) is actually enabled on the host.
#

include("compat.inc");

# Registration block: metadata only.
if (description)
{
  script_id(14987);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2002-0874");
  script_bugtraq_id(5453);
  script_xref(name:"DSA", value:"150");

  script_name(english:"Debian DSA-150-1 : interchange - illegal file exposition");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"A problem has been discovered in Interchange, an e-commerce and general HTTP database display system, which can lead to an attacker being able to read any file to which the user of the Interchange daemon has sufficient permissions, when Interchange runs in 'INET mode' (internet domain socket). This is not the default setting in Debian packages, but configurable with Debconf and via configuration file. We also believe that this bug cannot exploited on a regular Debian system. 
This problem has been fixed by the package maintainer in version 4.8.3.20020306-1.woody.1 for the current stable distribution (woody) and in version 4.8.6-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't ship the Interchange system."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-150"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the interchange packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:interchange");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: each missing KB item ends in its own audit() result.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Every package of the advisory is checked against the same woody reference
# version. deb_check() comes from debian_package.inc; presumably it returns
# true when the installed version is older than the reference -- confirm there.
fixed_version = "4.8.3.20020306-1.woody.1";
packages = make_list(
  "interchange",
  "interchange-cat-foundation",
  "interchange-ui",
  "libapache-mod-interchange"
);

hits = 0;
foreach pkg (packages)
{
  if (deb_check(release:"3.0", prefix:pkg, reference:fixed_version)) hits++;
}

if (!hits)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Attach the per-package report only when the scan asked for verbose output.
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}