Vulnerabilities > CVE-2013-4114 - Credentials Management vulnerability in Henri Wahl Nagstamon
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-12526.NASL description Added patch for fix security hole in updates-checking mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-16 plugin id 68894 published 2013-07-16 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68894 title Fedora 19 : nagstamon-0.9.9-9.fc19 (2013-12526) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-12526. # include("compat.inc"); if (description) { script_id(68894); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4114"); script_bugtraq_id(61120); script_xref(name:"FEDORA", value:"2013-12526"); script_name(english:"Fedora 19 : nagstamon-0.9.9-9.fc19 (2013-12526)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Added patch for fix security hole in updates-checking mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=983673" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?39018852" ); script_set_attribute( attribute:"solution", value:"Update the affected nagstamon package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nagstamon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"nagstamon-0.9.9-9.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagstamon"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-12541.NASL description Added patch for fix security hole in updates-checking mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-16 plugin id 68895 published 2013-07-16 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68895 title Fedora 18 : nagstamon-0.9.9-9.fc18 (2013-12541) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-12541. # include("compat.inc"); if (description) { script_id(68895); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4114"); script_bugtraq_id(61120); script_xref(name:"FEDORA", value:"2013-12541"); script_name(english:"Fedora 18 : nagstamon-0.9.9-9.fc18 (2013-12541)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Added patch for fix security hole in updates-checking mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=983673" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111706.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?12978b34" ); script_set_attribute( attribute:"solution", value:"Update the affected nagstamon package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nagstamon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"nagstamon-0.9.9-9.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagstamon"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-601.NASL description - update to 0.9.10 : + added fullscreen option + added Thruk support + added Check_MK cookie-based auth + added new Centreon autologin option + added configurable default sort order + added filter for hosts in hard/soft state for Nagios, Icinga, Opsview and Centreon + added $STATUS-INFO$ variable for custom actions + added audio alarms also in fullscreen mode + improved update interval set in seconds instead minutes + improved Icinga JSON support + improved Centreon 2.4 xml/broker support + improved Nagios 3.4 pagination support + improved nicer GTK theme Murrine on MacOSX + fixed security bug + fixed some memory leaks + fixed superfluous passive icon for Check_MK + fixed blocking of shutdown/reboot on MacOSX + fixed saving converted pre 0.9.9 config immediately + fixed statusbar position when offscreen + fixed some GUI issues + fixed update detection - this version fixes a security bug in the automatic update check (mentioned in CVE-2013-4114 and bnc #829217) - fix build on CentOS > 5 last seen 2020-06-05 modified 2014-06-13 plugin id 75094 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75094 title openSUSE Security Update : nagstamon (openSUSE-SU-2013:1235-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-601. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75094); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4114"); script_bugtraq_id(61120); script_name(english:"openSUSE Security Update : nagstamon (openSUSE-SU-2013:1235-1)"); script_summary(english:"Check for the openSUSE-2013-601 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " - update to 0.9.10 : + added fullscreen option + added Thruk support + added Check_MK cookie-based auth + added new Centreon autologin option + added configurable default sort order + added filter for hosts in hard/soft state for Nagios, Icinga, Opsview and Centreon + added $STATUS-INFO$ variable for custom actions + added audio alarms also in fullscreen mode + improved update interval set in seconds instead minutes + improved Icinga JSON support + improved Centreon 2.4 xml/broker support + improved Nagios 3.4 pagination support + improved nicer GTK theme Murrine on MacOSX + fixed security bug + fixed some memory leaks + fixed superfluous passive icon for Check_MK + fixed blocking of shutdown/reboot on MacOSX + fixed saving converted pre 0.9.9 config immediately + fixed statusbar position when offscreen + fixed some GUI issues + fixed update detection - this version fixes a security bug in the automatic update check (mentioned in CVE-2013-4114 and bnc #829217) - fix build on CentOS > 5" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=829217" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-07/msg00072.html" ); script_set_attribute( attribute:"solution", value:"Update the affected nagstamon package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagstamon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"nagstamon-0.9.10-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"nagstamon-0.9.10-4.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagstamon"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-03.NASL description The remote host is affected by the vulnerability described in GLSA-201401-03 (Nagstamon: Information disclosure) Nagstamon’s automatic request to check for updates includes plaintext username and password information for one of the monitor servers that the Nagstamon instance connects to. Impact : A remote attacker could eavesdrop on this request and gain user credentials for a monitor server. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71810 published 2014-01-07 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71810 title GLSA-201401-03 : Nagstamon: Information disclosure code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201401-03. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(71810); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2013-4114"); script_bugtraq_id(61120); script_xref(name:"GLSA", value:"201401-03"); script_name(english:"GLSA-201401-03 : Nagstamon: Information disclosure"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201401-03 (Nagstamon: Information disclosure) Nagstamon’s automatic request to check for updates includes plaintext username and password information for one of the monitor servers that the Nagstamon instance connects to. Impact : A remote attacker could eavesdrop on this request and gain user credentials for a monitor server. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201401-03" ); script_set_attribute( attribute:"solution", value: "All Nagstamon users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/nagstamon-0.9.11_rc1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nagstamon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/nagstamon", unaffected:make_list("ge 0.9.11_rc1"), vulnerable:make_list("lt 0.9.11_rc1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Nagstamon"); }
References
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00072.html
- http://nagstamon.ifw-dresden.de/docs/security/
- http://secunia.com/advisories/54072
- http://secunia.com/advisories/54276
- http://www.openwall.com/lists/oss-security/2013/07/11/7
- https://bugs.gentoo.org/show_bug.cgi?id=476538
- https://bugzilla.redhat.com/show_bug.cgi?id=983673