Vulnerabilities > CVE-2010-4098 - Denial Of Service vulnerability in monotone

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
monotone
nessus

Summary

monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-16902.NASL
    descriptionUpdate to monotone-0.48.1, which contains a fix for a DoS : Running
    last seen2020-06-01
    modified2020-06-02
    plugin id50507
    published2010-11-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50507
    titleFedora 13 : monotone-0.48.1-1.fc13 (2010-16902)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-16902.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50507);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      script_cve_id("CVE-2010-4098");
      script_bugtraq_id(44383);
      script_xref(name:"FEDORA", value:"2010-16902");
    
      script_name(english:"Fedora 13 : monotone-0.48.1-1.fc13 (2010-16902)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to monotone-0.48.1, which contains a fix for a DoS :
    
    Running 'mtn ' or 'mtn ls ' doesn't cause an internal error
    anymore. In monotone 0.48 and earlier this behavior could be used to
    crash a server remotely (but only if it was configured to allow
    execution of remote commands). Therefore everyone running such a
    server should update as soon as possible.
    
    There's also a fix for a non-critical issue :
    
    Using mtn:// style URIs for netsync operations didn't work with 0.48
    on systems which only have a 'monotone' entry in /etc/services.
    Failing to find a corresponding entry for the schema in a given URI
    isn't considered fatal now, instead mtn falls back to its default
    port.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=647302"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050468.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ce8027d7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected monotone package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:monotone");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"monotone-0.48.1-1.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "monotone");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MONOTONE-101111.NASL
    descriptionremote attackers could crash a monotone server via an empty argument to the
    last seen2020-06-01
    modified2020-06-02
    plugin id75645
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75645
    titleopenSUSE Security Update : monotone (openSUSE-SU-2010:0936-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update monotone-3505.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75645);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      script_cve_id("CVE-2010-4098");
    
      script_name(english:"openSUSE Security Update : monotone (openSUSE-SU-2010:0936-1)");
      script_summary(english:"Check for the monotone-3505 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "remote attackers could crash a monotone server via an empty argument
    to the 'mtn' command (CVE-2010-4098)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=649515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2010-11/msg00013.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected monotone package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:monotone");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"monotone-0.48.1-1.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "monotone");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-16888.NASL
    descriptionUpdate to monotone-0.48.1, which contains a fix for a DoS : Running
    last seen2020-06-01
    modified2020-06-02
    plugin id50506
    published2010-11-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50506
    titleFedora 14 : monotone-0.48.1-1.fc14 (2010-16888)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-16888.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50506);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      script_cve_id("CVE-2010-4098");
      script_bugtraq_id(44383);
      script_xref(name:"FEDORA", value:"2010-16888");
    
      script_name(english:"Fedora 14 : monotone-0.48.1-1.fc14 (2010-16888)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to monotone-0.48.1, which contains a fix for a DoS :
    
    Running 'mtn ' or 'mtn ls ' doesn't cause an internal error
    anymore. In monotone 0.48 and earlier this behavior could be used to
    crash a server remotely (but only if it was configured to allow
    execution of remote commands). Therefore everyone running such a
    server should update as soon as possible.
    
    There's also a fix for a non-critical issue :
    
    Using mtn:// style URIs for netsync operations didn't work with 0.48
    on systems which only have a 'monotone' entry in /etc/services.
    Failing to find a corresponding entry for the schema in a given URI
    isn't considered fatal now, instead mtn falls back to its default
    port.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=647302"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050484.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5a3126d9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected monotone package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:monotone");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"monotone-0.48.1-1.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "monotone");
    }