CVE-2004-1097 - Unspecified vulnerability in Cherokee Httpd
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
cherokee
nessus
Summary
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
Vulnerable Configurations
Nessus
NASL family: Web Servers
NASL id: CHEROKEE_0_4_17.NASL
description: The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to a format string attack when processing authentication requests using auth_pam. This could allow a remote attacker to cause a denial of service, or potentially execute arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15617
published: 2004-11-03
reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/15617
title: Cherokee Web Server auth_pam Authentication Format String
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if(description)
    {
      script_id(15617);
      script_version("1.19");
      script_cve_id("CVE-2004-1097");
      script_bugtraq_id(11574);

      script_name(english:"Cherokee Web Server auth_pam Authentication Format String");
      script_summary(english:"Checks for version of Cherokee");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote web server has a format string vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value: "The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to a format string attack when processing authentication requests using auth_pam. This could allow a remote attacker to cause a denial of service, or potentially execute arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.gentoo.org/show_bug.cgi?id=67667"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Cherokee 0.4.17.1 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/03");
      script_set_attribute(attribute:"vuln_publication_date", value: "2004/10/15");
      script_cvs_date("Date: 2018/11/15 20:50:25");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
      script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_dependencie("find_service1.nasl", "http_version.nasl");
      script_require_ports("Services/www", 443);
      exit(0);
    }

    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");

    port = get_http_port(default:80);
    banner = get_http_banner(port:port);
    if(!banner)exit(0);

    serv = strstr(banner, "Server");
    if(ereg(pattern:"^Server:.*Cherokee/0\.([0-3]\.|4\.([0-9]|1[0-7]))[^0-9.]", string:serv))
    {
      security_hole(port);
    }
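Plugin 15617 decides purely on the `Server:` banner, so it helps to see which version strings its pattern actually matches. The following is an added example, not part of the plugin or of Tenable's code: it assumes Python's `re` behaves like NASL `ereg()` for this pattern, and the banners and helper names (`plugin_flags`, `version_is_affected`, `disagreements`, `make_banner`) are constructed for illustration.

```python
import re

# Pattern copied verbatim from plugin 15617 above. Assumption: Python's re
# stands in for NASL ereg(), applied to the banner from "Server" onward.
PLUGIN_PATTERN = re.compile(
    r"^Server:.*Cherokee/0\.([0-3]\.|4\.([0-9]|1[0-7]))[^0-9.]")
FIXED = (0, 4, 17, 1)  # "Upgrade to Cherokee 0.4.17.1 or later."

def plugin_flags(banner):
    """Mirror the plugin: strstr(banner, "Server"), then the regex test."""
    idx = banner.find("Server")
    return idx >= 0 and PLUGIN_PATTERN.search(banner[idx:]) is not None

def version_is_affected(banner):
    """Independent check: parse the dotted version, compare with FIXED."""
    m = re.search(r"Cherokee/(\d+(?:\.\d+)*)", banner)
    if m is None:
        return None  # not a Cherokee banner
    return tuple(int(p) for p in m.group(1).split(".")) < FIXED

def disagreements(banners):
    """Banners where the regex and the numeric comparison differ."""
    return [b for b in banners
            if version_is_affected(b) is not None
            and plugin_flags(b) != version_is_affected(b)]

def make_banner(server):
    # Constructed HTTP response head; not captured from a real host.
    return "HTTP/1.0 200 OK\r\nServer: %s\r\nConnection: close\r\n\r\n" % server

SAMPLES = [make_banner(s) for s in (
    "Cherokee/0.4.17 (Gentoo Linux)",    # last affected release
    "Cherokee/0.4.17.1 (Gentoo Linux)",  # fixed release
    "Cherokee/0.4.9",
    "Cherokee/0.4.18",
    "Cherokee/0.3.2",                    # "0.4.17 and earlier" per the summary
    "Cherokee/0.5.0",
)]

if __name__ == "__main__":
    for b in SAMPLES:
        server = b.split("\r\n")[1]
        print(f"{server:45} regex={plugin_flags(b)!s:5} "
              f"numeric={version_is_affected(b)}")
    print("disagree:", [b.split("\r\n")[1] for b in disagreements(SAMPLES)])
```

Under these assumptions the pattern correctly separates 0.4.17 from 0.4.17.1, but the constructed 0.3.2 banner is not matched, because `[^0-9.]` has to follow `0.3.` directly. A banner check also says nothing about hosts that hide or rewrite the `Server:` header, so package-level checks such as the GLSA plugin below remain the stronger signal.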
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200411-02.NASL
description: The remote host is affected by the vulnerability described in GLSA-200411-02 (Cherokee: Format string vulnerability) Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokee_logger_ncsa_write_string() function. Impact : Using a specially crafted URL when authenticating via auth_pam, a malicious user may be able to crash the server or execute arbitrary code on the target machine with permissions of the user running Cherokee. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15590
published: 2004-11-02
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15590
title: GLSA-200411-02 : Cherokee: Format string vulnerability
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200411-02.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(15590);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:41");

      script_cve_id("CVE-2004-1097");
      script_xref(name:"GLSA", value:"200411-02");

      script_name(english:"GLSA-200411-02 : Cherokee: Format string vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Gentoo host is missing one or more security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value: "The remote host is affected by the vulnerability described in GLSA-200411-02 (Cherokee: Format string vulnerability) Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokee_logger_ncsa_write_string() function. Impact : Using a specially crafted URL when authenticating via auth_pam, a malicious user may be able to crash the server or execute arbitrary code on the target machine with permissions of the user running Cherokee. Workaround : There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200411-02"
      );
      script_set_attribute(
        attribute:"solution",
        value: "All Cherokee users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/cherokee-0.4.17.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cherokee");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/02");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/15");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"www-servers/cherokee", unaffected:make_list("ge 0.4.17.1"), vulnerable:make_list("le 0.4.17"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Cherokee");
    }