PatchLink Update Server checkprofile.asp agentid Parameter SQL Injection

high Nessus Plugin ID 22115

Synopsis

The remote web server contains an ASP script that is prone to a SQL injection attack.

Description

The remote host is running PatchLink Update Server, a patch and vulnerability management solution.

The version of PatchLink Update Server installed on the remote host fails to sanitize user-supplied input to the 'agentid' parameter of the '/dagent/checkprofile.asp' script before using it to construct database queries. An unauthenticated attacker can exploit this flaw to manipulate database queries, which might lead to disclosure of sensitive information, modification of data, or attacks against the underlying database.

Note that Novell ZENworks Patch Management is based on PatchLink Update Server and is affected as well.

Solution

Apply patch 6.1 P1 / 6.2 SR1 P1 if using PatchLink Update Server or 6.2 SR1 P1 if using Novell ZENworks Patch Management.

See Also

https://www.securityfocus.com/archive/1/438710/30/0/threaded

http://support.novell.com/cgi-bin/search/searchtid.cgi?10100709.htm

Plugin Details

Severity: High

ID: 22115

File Name: plus_agentid_sql_injection.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 7/28/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:lumension:patchlink_update_server

Required KB Items: www/ASP

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/28/2006

Reference Information

CVE: CVE-2006-3430

BID: 18715