Vulnerabilities > CVE-2004-0698 - Local Security vulnerability in WebSTAR

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
4d
nessus

Summary

4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.

Nessus

NASL familyFTP
NASL id4D_WEBSTAR_SYMB_LINK.NASL
descriptionThe remote server is running 4D WebStar FTP Server. The version of 4D WebStar FTP Server on the remote host is reportedly affected by a local symbolic link vulnerability caused by the application opening files without properly verifying their existence or their absolute location. Successful exploitation of this issue will allow an attacker to write to arbitrary files subject to the permissions of the affected application.
last seen2020-06-01
modified2020-06-02
plugin id14241
published2004-08-09
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14241
title4D WebSTAR Symlink Privilege Escalation
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(14241);
 script_version ("1.22");
 script_cve_id("CVE-2004-0698");
 script_bugtraq_id(10714);
 script_xref(name:"Secunia", value:"12063");

 script_name(english:"4D WebSTAR Symlink Privilege Escalation");
 script_summary(english:"Checks for 4D FTP Server");

 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by a local symbolic link
vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote server is running 4D WebStar FTP Server. The version of 4D
WebStar FTP Server on the remote host is reportedly affected by a
local symbolic link vulnerability caused by the application opening
files without properly verifying their existence or their absolute
location.

Successful exploitation of this issue will allow an attacker to write
to arbitrary files subject to the permissions of the affected
application." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Jul/130");
 script_set_attribute(attribute:"solution", value:
"Upgrade to 4D WebStar 5.3.3 or later." );
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/09");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/07/13");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
 script_family(english:"FTP");
 script_dependencie("http_version.nasl", "ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/www", 80, "Services/ftp", 21);
 exit(0);
}


include("http_func.inc");
include("http_keepalive.inc");
include("ftp_func.inc");


# 4D runs both FTP and WWW on the same port
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))
	exit(0);

banner = get_http_banner(port:port);
if ( ! banner ) 
	exit(0);
# Server: 4D_WebSTAR_S/5.3.3 (MacOS X)
if ( "4D_WebSTAR" >< banner &&
     egrep(pattern:"^Server: 4D_WebSTAR.*/([0-4]\.|5\.([0-2]\.|3\.[0-2][^0-9]))", string:banner) ) 
{
 port = get_ftp_port(default:21);
 ftpbanner = get_ftp_banner(port:port);
 if ( egrep(string:ftpbanner, pattern:"^220 FTP server ready\."))
 { 
  security_note(port);
 }
}