Vulnerabilities > CVE-2015-8400 - 7PK - Security Features vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1501.NASL description shellinabox was updated to version 2.20 to fix the following security issues : - It was possible to fallback to the HTTP protocol even when configured for HTTPS. (CVE-2015-8400, boo#957748) - Disable secure client-initiated renegotiation - Set SSL options for increased security (disable SSLv2, SSLv3) - Protection against large HTTP requests non security fixes : - Includes some MSIE and iOS rendering fixes last seen 2020-06-05 modified 2016-12-22 plugin id 96063 published 2016-12-22 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96063 title openSUSE Security Update : shellinabox (openSUSE-2016-1501) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-1501. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(96063); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8400"); script_name(english:"openSUSE Security Update : shellinabox (openSUSE-2016-1501)"); script_summary(english:"Check for the openSUSE-2016-1501 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "shellinabox was updated to version 2.20 to fix the following security issues : - It was possible to fallback to the HTTP protocol even when configured for HTTPS. (CVE-2015-8400, boo#957748) - Disable secure client-initiated renegotiation - Set SSL options for increased security (disable SSLv2, SSLv3) - Protection against large HTTP requests non security fixes : - Includes some MSIE and iOS rendering fixes" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957748" ); script_set_attribute( attribute:"solution", value:"Update the affected shellinabox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:shellinabox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:shellinabox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:shellinabox-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2|SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1 / 42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"shellinabox-2.20-5.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"shellinabox-debuginfo-2.20-5.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"shellinabox-debugsource-2.20-5.3.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"shellinabox-2.20-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"shellinabox-debuginfo-2.20-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"shellinabox-debugsource-2.20-11.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"shellinabox-2.20-12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"shellinabox-debuginfo-2.20-12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"shellinabox-debugsource-2.20-12.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "shellinabox / shellinabox-debuginfo / shellinabox-debugsource"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-463143720F.NASL description - Added support for middle-click paste * Improved iOS support * New logic to enable soft keyboard icon * Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89229 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89229 title Fedora 22 : shellinabox-2.19-1.fc22 (2015-463143720f) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-463143720f. # include("compat.inc"); if (description) { script_id(89229); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8400"); script_xref(name:"FEDORA", value:"2015-463143720f"); script_name(english:"Fedora 22 : shellinabox-2.19-1.fc22 (2015-463143720f)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Added support for middle-click paste * Improved iOS support * New logic to enable soft keyboard icon * Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287578" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287579" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175224.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?df0836f4" ); script_set_attribute( attribute:"solution", value:"Update the affected shellinabox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:shellinabox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"shellinabox-2.19-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "shellinabox"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-1C773E8702.NASL description - Added support for middle-click paste * Improved iOS support * New logic to enable soft keyboard icon * Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89163 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89163 title Fedora 23 : shellinabox-2.19-1.fc23 (2015-1c773e8702) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-1c773e8702. # include("compat.inc"); if (description) { script_id(89163); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8400"); script_xref(name:"FEDORA", value:"2015-1c773e8702"); script_name(english:"Fedora 23 : shellinabox-2.19-1.fc23 (2015-1c773e8702)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Added support for middle-click paste * Improved iOS support * New logic to enable soft keyboard icon * Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287578" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287579" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175117.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3ba30dba" ); script_set_attribute( attribute:"solution", value:"Update the affected shellinabox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:shellinabox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"shellinabox-2.19-1.fc23")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "shellinabox"); }
References
- https://github.com/shellinabox/shellinabox/releases/tag/v2.19
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175117.html
- http://www.openwall.com/lists/oss-security/2015/12/02/7
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175224.html
- http://www.openwall.com/lists/oss-security/2015/12/02/6
- https://github.com/shellinabox/shellinabox/issues/355