CVE-2013-4885
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
Vulnerable Configurations
Exploit-Db
description | Nmap Arbitrary File Write Vulnerability. CVE-2013-4885. Remote exploit for linux platform |
id | EDB-ID:38741 |
last seen | 2016-02-04 |
modified | 2013-08-06 |
published | 2013-08-06 |
reporter | Piotr Duszynski |
source | https://www.exploit-db.com/download/38741/ |
title | Nmap Arbitrary File Write Vulnerability |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-776.NASL |
description | nmap was updated to fix the http-domino-enum-passwords scripts. If you ran the (fortunately non-default) http-domino-enum-passwords script with the (fortunately also non-default) domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to be written to the client system. |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75171 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75171 |
title | openSUSE Security Update : nmap (openSUSE-SU-2013:1561-1) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_NMAP_20140731.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80710 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80710 |
title | Oracle Solaris Third-Party Patch Update : nmap (cve_2013_4885_unrestricted_file) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-14786.NASL |
description | - updated for 6.40 - fixes CVE-2013-4885 nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-08-28 |
plugin id | 69485 |
published | 2013-08-28 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69485 |
title | Fedora 18 : nmap-6.40-1.fc18 (2013-14786) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-790.NASL |
description | nmap was updated to fix bnc#844953/CVE-2013-4885: There was a vulnerability in one of our 437 NSE scripts. If you ran the (fortunately non-default) http-domino-enum-passwords script with the (fortunately also non-default) domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to be written to the client system. |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75175 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75175 |
title | openSUSE Security Update : nmap (openSUSE-SU-2013:1579-1) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2016-671.NASL |
description | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 90100 |
published | 2016-03-23 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/90100 |
title | Amazon Linux AMI : nmap (ALAS-2016-671) |
Seebug
bulletinFamily | exploit |
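description | BUGTRAQ ID: 62024 CVE(CAN) ID: CVE-2013-4885 nmap is a network security tool for network discovery and security auditing; it is free software. Nmap 6.25 has an arbitrary file upload vulnerability in the http-domino-enum-passwords NSE script, which an attacker can exploit to write arbitrary files with the privileges of the current user. Nmap 6.25 Vendor patch: Nmap ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://nmap.org/download.html |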
id | SSV:60988 |
last seen | 2017-11-19 |
modified | 2013-09-03 |
published | 2013-09-03 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-60988 |
title | Nmap Arbitrary File Write Vulnerability (CVE-2013-4885) |
References
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00035.html
- http://nmap.org/changelog.html
- http://packetstormsecurity.com/files/122719/TWSL2013-025.txt
- https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3
- https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt