Vulnerabilities > CVE-2009-0667 - Unspecified vulnerability in Ocsinventory-Ng OCS Inventory NG and Ocsinventory-Agent
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ocsinventory-ng
nessus
Summary
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-16314.NASL description - security update for CVE-2009-0667 http://bugs.debian.org/590879 http://www.debian.org/security/2009/dsa-1828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50397 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50397 title Fedora 14 : ocsinventory-agent-1.1.2.1-1.fc14 (2010-16314) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-16314. # include("compat.inc"); if (description) { script_id(50397); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:32"); script_bugtraq_id(35593); script_xref(name:"DSA", value:"1828"); script_xref(name:"FEDORA", value:"2010-16314"); script_name(english:"Fedora 14 : ocsinventory-agent-1.1.2.1-1.fc14 (2010-16314)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - security update for CVE-2009-0667 http://bugs.debian.org/590879 http://www.debian.org/security/2009/dsa-1828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://bugs.debian.org/590879 script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590879" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049983.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ff792590" ); script_set_attribute( attribute:"solution", value:"Update the affected ocsinventory-agent package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ocsinventory-agent"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"ocsinventory-agent-1.1.2.1-1.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ocsinventory-agent"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1828.NASL description It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. The oldstable distribution (etch) does not contain ocsinventory-agent. last seen 2020-06-01 modified 2020-06-02 plugin id 44693 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44693 title Debian DSA-1828-1 : ocsinventory-agent - insecure module search path code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1828. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44693); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-0667"); script_xref(name:"DSA", value:"1828"); script_name(english:"Debian DSA-1828-1 : ocsinventory-agent - insecure module search path"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. The oldstable distribution (etch) does not contain ocsinventory-agent." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1828" ); script_set_attribute( attribute:"solution", value: "Upgrade the ocsinventory-agent packages. For the stable distribution (lenny), this problem has been fixed in version 1:0.0.9.2repack1-4lenny1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ocsinventory-agent"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"ocsinventory-agent", reference:"1:0.0.9.2repack1-4lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2010-16334.NASL description - security update for CVE-2009-0667 http://bugs.debian.org/590879 http://www.debian.org/security/2009/dsa-1828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50310 published 2010-10-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50310 title Fedora 12 : ocsinventory-agent-1.1.2.1-1.fc12 (2010-16334) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-16334. # include("compat.inc"); if (description) { script_id(50310); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:32"); script_bugtraq_id(35593); script_xref(name:"DSA", value:"1828"); script_xref(name:"FEDORA", value:"2010-16334"); script_name(english:"Fedora 12 : ocsinventory-agent-1.1.2.1-1.fc12 (2010-16334)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - security update for CVE-2009-0667 http://bugs.debian.org/590879 http://www.debian.org/security/2009/dsa-1828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://bugs.debian.org/590879 script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590879" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049731.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7004f384" ); script_set_attribute( attribute:"solution", value:"Update the affected ocsinventory-agent package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ocsinventory-agent"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"ocsinventory-agent-1.1.2.1-1.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ocsinventory-agent"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2010-16335.NASL description - security update for CVE-2009-0667 http://bugs.debian.org/590879 http://www.debian.org/security/2009/dsa-1828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50311 published 2010-10-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50311 title Fedora 13 : ocsinventory-agent-1.1.2.1-1.fc13 (2010-16335) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-16335. # include("compat.inc"); if (description) { script_id(50311); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:32"); script_bugtraq_id(35593); script_xref(name:"DSA", value:"1828"); script_xref(name:"FEDORA", value:"2010-16335"); script_name(english:"Fedora 13 : ocsinventory-agent-1.1.2.1-1.fc13 (2010-16335)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - security update for CVE-2009-0667 http://bugs.debian.org/590879 http://www.debian.org/security/2009/dsa-1828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://bugs.debian.org/590879 script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590879" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049719.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8639b845" ); script_set_attribute( attribute:"solution", value:"Update the affected ocsinventory-agent package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ocsinventory-agent"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"ocsinventory-agent-1.1.2.1-1.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ocsinventory-agent"); }
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 35593 CVE(CAN) ID: CVE-2009-0667 OCS Inventory NG(Open Computer and Software Inventory Next Generation)是一款系统管理软件,能帮助管理员掌握计算机软件安装和配置,在HTTP代理和服务器之间实现低网络流量通讯。 OCS Inventory套件中的代理组件没有安全地处理Perl模块搜索路径。在通过cron启动代理且默认的Perl模块路径中包含有当前目录的情况下,代理会在系统上的每个目录中扫描Perl模块。以下是Agent/Backend.pm中所执行的代码: foreach my $d (@INC) { next unless -d $d; File::Find::find( sub { push @installed_mod, $File::Find::name if $File::Find::name =~ /Ocsinventory\/Agent\/Backend\/.*\.pm$/; } , $d); } 由于@INC中包含有“.”,这实际会导致从$pwd扫描所有的子目录。 如果攻击者在系统中放置了特制的ocsinventory-agent perl模块,在扫描到该模块时就会导致执行任意代码。 OCS Inventory NG 1.00 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1828-1)以及相应补丁: DSA-1828-1:New ocsinventory-agent packages fix arbitrary code execution 链接:http://www.debian.org/security/2009/dsa-1828 补丁下载: Source archives: http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.dsc Size/MD5 checksum: 1334 cf43f5ea659d2ec4d4b854953e8c18c6 http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1.orig.tar.gz Size/MD5 checksum: 207786 ce09d43d41596641dbb1bd66dc4f2b62 http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz Size/MD5 checksum: 12171 d718e83817905e2e22edcfa25fa863b4 Architecture independent packages: http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1_all.deb Size/MD5 checksum: 83362 1d103ed0bb2520dfb3fc8b430ae30a6c 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade |
id | SSV:11771 |
last seen | 2017-11-19 |
modified | 2009-07-09 |
published | 2009-07-09 |
reporter | Root |
title | OCS Inventory NG代理Backend.pm Perl模块处理代码执行漏洞 |
References
- http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz
- http://www.vupen.com/english/advisories/2009/1809
- http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz
- http://www.debian.org/security/2009/dsa-1828
- http://www.securityfocus.com/bid/35593
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416
- http://secunia.com/advisories/35768
- http://osvdb.org/55718
- http://secunia.com/advisories/35727
- http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=144