Hobbit Monitor config Method Traversal Arbitrary File Access

medium Nessus Plugin ID 22181

Synopsis

The remote server is affected by an information disclosure vulnerability.

Description

The version of the Hobbit Monitor daemon installed on the remote host does not properly filter directory traversal sequences from the argument to the 'config' command. An unauthenticated attacker can leverage this flaw to retrieve arbitrary files from the affected host, subject to the privileges of the user ID under which hobbitd runs.
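A sketch of the kind of check whose absence the description refers to, added here as an illustration; it is not Hobbit's code or the vendor's fix. The function names and the base directory `/srv/monitor/etc` are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 only if `name` is a relative path whose components are built
 * from [A-Za-z0-9._-] and none of them is "." or "..". Hypothetical helper. */
static int config_name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0' || *name == '/')
        return 0;                          /* empty or absolute path */
    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 0)
            return 0;                      /* empty component ("//") */
        if (p[0] == '.' && (len == 1 || (len == 2 && p[1] == '.')))
            return 0;                      /* "." or ".." component */
        for (size_t i = 0; i < len; i++) {
            unsigned char c = (unsigned char)p[i];
            if (!isalnum(c) && c != '.' && c != '_' && c != '-')
                return 0;                  /* backslash, '%', control chars, ... */
        }
        p += len;
        if (*p == '/') {
            p++;
            if (*p == '\0')
                return 0;                  /* trailing slash */
        }
    }
    return 1;
}

/* Builds base/name into out. Returns 0 on success, -1 if the name is
 * rejected or the result would not fit. Hypothetical helper. */
static int build_config_path(const char *base, const char *name,
                             char *out, size_t outlen)
{
    if (!config_name_is_safe(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", base, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample arguments, not captured traffic. */
    const char *names[] = { "clients.cfg", "sub/alerts.cfg", "../../etc/passwd", "/etc/passwd" };
    char path[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s -> %s\n", names[i],
               build_config_path("/srv/monitor/etc", names[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

The check is purely lexical, so a symlink inside the base directory can still point outside it; running the daemon under an account with minimal file access limits what any remaining gap exposes.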

Solution

Upgrade to Hobbit version 4.1.2p2 or later.

See Also

https://www.securityfocus.com/archive/1/442036/30/0/threaded

Plugin Details

Severity: Medium

ID: 22181

File Name: hobbitd_config_dir_traversal.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 8/8/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 8/2/2006

Reference Information

CVE: CVE-2006-4003

BID: 19317