Snare Agent for Linux < 1.7.0 / 2.0.0 Multiple Vulnerabilities

Medium Nessus Plugin ID 63334

Synopsis

The remote web server hosts an auditing application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the installation of Snare Agent for Linux hosted on the remote web server is affected by multiple vulnerabilities in the optionally configured web interface:

- The web interface discloses a hashed password for remote logins. An attacker can view the page source at /remote and see the hashed password in the 'RemotePassword' field. (CVE-2011-5247)

- The web interface suffers from a cross-site scripting vulnerability because the application fails to sanitize input passed via logged events. An attacker could create a specially crafted request that would execute arbitrary script code in a user's browser. (CVE-2011-5249)

- The web interface suffers from a cross-site request forgery (CSRF) vulnerability because it fails to properly implement the 'ChToken' parameter used to prevent CSRF attacks. (CVE-2011-5250)

Solution

Upgrade to version 1.7.0 / 2.0.0 or later.

See Also

https://seclists.org/bugtraq/2012/Dec/76

https://seclists.org/bugtraq/2012/Dec/77

https://seclists.org/bugtraq/2012/Dec/78

http://www.nessus.org/u?3546e793

Plugin Details

Severity: Medium

ID: 63334

File Name: snare_linux_1_7_0.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2012/12/24

Updated: 2019/12/04

Dependencies: 63333

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2011-5249

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:intersect_alliance:snare_agent

Required KB Items: www/snare_linux

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2011/08/09

Vulnerability Publication Date: 2011/08/09

Reference Information

CVE: CVE-2011-5247, CVE-2011-5249, CVE-2011-5250

BID: 56883

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990