Issue
-----
NVT: CUPS < 1.1.23 Multiple Vulnerabilities
OID: 1.3.6.1.4.1.25623.1.0.16141
Threat: Medium (CVSS: 6.5)
Port: 631/tcp
Product detection result: cpe:/a:apple:cups:1.1
Detected by: CUPS Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900348)
Summary:
The remote host is running a CUPS server whose version number is
between 1.0.4 and 1.1.22 inclusive. Such versions are prone to
multiple vulnerabilities:
- The is_path_absolute function in scheduler/client.c for the
daemon in CUPS allows remote attackers to cause a denial
of service (CPU consumption by tight loop) via a '..\..'
URL in an HTTP request.
- A remotely exploitable buffer overflow in the 'hpgltops'
filter that lets specially crafted HPGL files
execute arbitrary commands as the CUPS 'lp' account.
- A local user may be able to prevent anyone from changing
his or her password until a temporary copy of the new
password file is cleaned up ('lppasswd' flaw).
- A local user may be able to add arbitrary content to the
password file by closing the stderr file descriptor
while running lppasswd (lppasswd flaw).
- A local attacker may be able to truncate the CUPS
password file, thereby denying service to valid clients
using digest authentication. (lppasswd flaw).
- The application applies ACLs to incoming print jobs in a
case-sensitive fashion. Thus, an attacker can bypass
restrictions by changing the case in printer names when
submitting jobs. [Fixed in 1.1.21.]
Vulnerability Detection Result:
Installed version: 1.1
Fixed version: 1.1.23
Solution:
Solution type: VendorFix
Upgrade to CUPS 1.1.23 or later.
Vulnerability Detection Method:
Details:
CUPS < 1.1.23 Multiple Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.16141)
Version used: $Revision: 6040 $
Product Detection Result:
Product:cpe:/a:apple:cups:1.1
Method:CUPS Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900348)
References:
CVE: CVE-2004-1267, CVE-2004-1268, CVE-2004-1269, CVE-2004-1270, CVE-2005-2874
BID: 11968, 12004, 12005, 12007, 12200, 14265
Other:
OSVDB:12439
OSVDB:12453
OSVDB:12454
FLSA:FEDORA-2004-908
FLSA:FEDORA-2004-559
FLSA:FEDORA-2004-560
GLSA:GLSA-200412-25
http://www.cups.org/str.php?L700
http://www.cups.org/str.php?L1024
http://www.cups.org/str.php?L1023
http://www.cups.org/str.php?L1042
Issue
-----
NVT: CUPS Version Detection
OID: 1.3.6.1.4.1.25623.1.0.900348
Threat: Log (CVSS: 0.0)
Port: 631/tcp
Summary:
Detection of installed version of Common Unix Printing System (CUPS)
This script sends an HTTP GET request, tries to get the version from the response, and sets the result in the KB.
Vulnerability Detection Result:
Detected CUPS
Version: 1.1
Location: /
CPE: cpe:/a:apple:cups:1.1
Concluded from version/product identification result:
Server: CUPS/1.1
Log Method:
Details:
CUPS Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900348)
Version used: $Revision: 6040 $
Issue
-----
NVT: DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.103654
Threat: High (CVSS: 7.5)
Port: 80/tcp
Summary:
DataLife Engine is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP
code in the context of the affected application. This may facilitate a
compromise of the application and the underlying system; other attacks
are also possible.
DataLife Engine 9.7 is vulnerable; other versions may also be affected.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Solution:
Vendor updates are available. Please see the references for details.
Vulnerability Detection Method:
Details:
DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.103654)
Version used: $Revision: 5699 $
References:
CVE: CVE-2013-1412
BID: 57603
Other:
http://www.securityfocus.com/bid/57603
Issue
-----
NVT: DCP-Portal XSS
OID: 1.3.6.1.4.1.25623.1.0.11446
Threat: Medium (CVSS: 4.3)
Port: 80/tcp
Summary:
You are running a version of DCP-Portal that is older than or equal to v5.3.2.
This version is vulnerable to:
- Cross-site scripting flaws in the calendar.php script, which may let an
attacker execute arbitrary code in the browser of a legitimate user.
In addition to this, your version may also be vulnerable to:
- HTML injection flaws, which may let an attacker inject hostile
HTML and script code that could permit cookie-based credentials to be stolen
and other attacks.
- HTTP response splitting flaw, which may let an attacker influence
or misrepresent how web content is served, cached or interpreted.
Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/calendar.php?year=2004&month=<script>foo</script>&day=01
Solution:
Solution type: VendorFix
Upgrade to a newer version when available
Vulnerability Detection Method:
Details:
DCP-Portal XSS
(OID: 1.3.6.1.4.1.25623.1.0.11446)
Version used: $Revision: 6053 $
References:
CVE: CVE-2004-2511, CVE-2004-2512
BID: 7141, 7144, 11338, 11339, 11340
Other:
OSVDB:10585
OSVDB:10586
OSVDB:10587
OSVDB:10588
OSVDB:10589
OSVDB:10590
OSVDB:11405
http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0131.html
Issue
-----
NVT: Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800809
Threat: Medium (CVSS: 5.0)
Port: general/tcp
Product detection result: cpe:/a:openssl:openssl:0.9.8d
Detected by: OpenSSL Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800335)
Summary:
This host has OpenSSL installed and is prone to a denial-of-service
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow an attacker to crash a DTLS server.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to OpenSSL version 0.9.8i or later
http://www.openssl.org/source
*****
Note: Vulnerability is related to CVE-2009-1386
*****
*****
This might be a False Positive
Only a version check is done, based on the publicly available OpenSSL packages.
Each vendor might have backported versions of the packages.
*****
Affected Software/OS:
OpenSSL version prior to 0.9.8i on Linux.
Vulnerability Insight:
A NULL pointer dereference in ssl/s3_pkt.c, which does not properly check
input packet values, can be triggered by a DTLS ChangeCipherSpec packet that
arrives before ClientHello.
Vulnerability Detection Method:
Details:
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800809)
Version used: $Revision: 4869 $
Product Detection Result:
Product:cpe:/a:openssl:openssl:0.9.8d
Method:OpenSSL Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800335)
References:
CVE: CVE-2009-1386
BID: 35174
CERT: DFN-CERT-2010-0720, DFN-CERT-2010-0588, DFN-CERT-2010-0300, DFN-CERT-2009-1699, DFN-CERT-2009-1318, DFN-CERT-2009-1317, DFN-CERT-2009-1238
Other:
http://cvs.openssl.org/chngview?cn=17369
http://www.openwall.com/lists/oss-security/2009/06/02/1
http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest
Issue
-----
NVT: Desktop Boards BIOS Information Detection for Linux
OID: 1.3.6.1.4.1.25623.1.0.800163
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of Desktop Boards BIOS.
The script logs in via ssh and queries for the version using the command
line tool 'dmidecode'. Usually this command requires root privileges to
execute.
Vulnerability Detection Result:
Desktop Boards BIOS version 6.00
stderr is not a tty - where are you? was detected on the host
Desktop Boards BIOS Vendor Phoenix Technologies LTD
stderr is not a tty - where are you? was detected on the host
Desktop Boards Base Board version None
stderr is not a tty - where are you? was detected on the host
Desktop Boards Base Board Manufacturer Intel Corporation
stderr is not a tty - where are you? was detected on the host
Desktop Boards Base Board Product Name 440BX Desktop Reference Platform
stderr is not a tty - where are you? was detected on the host
Log Method:
Details:
Desktop Boards BIOS Information Detection for Linux
(OID: 1.3.6.1.4.1.25623.1.0.800163)
Version used: $Revision: 6032 $
Issue
-----
NVT: Determine OS and list of installed packages via SSH login
OID: 1.3.6.1.4.1.25623.1.0.50282
Threat: Log (CVSS: 0.0)
Port: 22/tcp
Summary:
This script will, if given a userid/password or key to the remote system,
log in to that system, determine the OS it is running, and, for
supported systems, extract the list of installed packages/rpms.
Vulnerability Detection Result:
We are able to login and detect that you are running Slackware 11.0
Vulnerability Insight:
The ssh protocol is used to log in. If a specific port is
configured for the credential, then only this port will be tried. Otherwise, any
port that offers ssh is tried, usually port 22.
Upon successful login, the command 'uname -a' is issued to find out the
type and version of the operating system.
The result is analysed for various patterns, and in several cases additional
commands are tried to find out more details and to confirm a detection.
The regular Linux distributions are detected this way, as well as other
Linux-like systems and many Linux-based devices and appliances.
If the system offers a package database, for example RPM- or DEB-based, the
full list of installed packages is retrieved for further patch-level checks.
Log Method:
Details:
Determine OS and list of installed packages via SSH login
(OID: 1.3.6.1.4.1.25623.1.0.50282)
Version used: $Revision: 6011 $
Issue
-----
NVT: DHCart Multiple Cross Site Scripting And HTML Injection Vulnerabilities
OID: 1.3.6.1.4.1.25623.1.0.100028
Threat: Medium (CVSS: 4.3)
Port: 80/tcp
Summary:
DHCart is prone to multiple cross-site scripting and HTML-injection
vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/order.php?dhaction=check&submit_domain=Register&domain=<script>alert(document.cookie);</script>&ext1=on
Impact:
Attacker-supplied HTML or JavaScript code could run in the context of the
affected site, potentially allowing the attacker to steal cookie-based
authentication credentials and to control how the site is rendered to the
user; other attacks are also possible.
Solution:
Solution type: VendorFix
Update DHCart to version 3.88 or newer.
Affected Software/OS:
DHCart 3.84 is vulnerable; other versions may also be affected.
Vulnerability Detection Method:
Details:
DHCart Multiple Cross Site Scripting And HTML Injection Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.100028)
Version used: $Revision: 4655 $
References:
CVE: CVE-2008-6297
BID: 32117
Issue
-----
NVT: DIRB (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port: 5801/tcp
Summary:
This script uses DIRB to find directories and files on web
applications via brute forcing. See the preferences section for configuration
options.
Vulnerability Detection Result:
These are the directories/files found with brute force:
http://192.168.27.45:5801/
Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $
Issue
-----
NVT: DIRB (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port: 631/tcp
Summary:
This script uses DIRB to find directories and files on web
applications via brute forcing. See the preferences section for configuration
options.
Vulnerability Detection Result:
These are the directories/files found with brute force:
http://192.168.27.45:5801/
http://192.168.27.45:631/
Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $
Issue
-----
NVT: DIRB (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port: 80/tcp
Summary:
This script uses DIRB to find directories and files on web
applications via brute forcing. See the preferences section for configuration
options.
Vulnerability Detection Result:
These are the directories/files found with brute force:
http://192.168.27.45:5801/
http://192.168.27.45:80/
Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $
Issue
-----
NVT: DIRB (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port: 80/tcp
Summary:
This script uses DIRB to find directories and files on web
applications via brute forcing. See the preferences section for configuration
options.
Vulnerability Detection Result:
These are the directories/files found with brute force:
http://192.168.27.45:5801/
http://192.168.27.45:631/
http://192.168.27.45:80/
Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $
Issue
-----
NVT: Enabled Directory Listing Detection
OID: 1.3.6.1.4.1.25623.1.0.111074
Threat: Medium (CVSS: 5.0)
Port: 80/tcp
Summary:
The script attempts to identify directories with an enabled directory listing.
Vulnerability Detection Result:
The following directories with an enabled directory listing were identified:
http://192.168.27.45/
http://192.168.27.45/beef
http://192.168.27.45/beef/include
http://192.168.27.45/beef/modules
http://192.168.27.45/beef/tmp
http://192.168.27.45/beef/tmp/de2dfc7a9a4bfd754ffd38a21373c091
http://192.168.27.45/manual/howto
http://192.168.27.45/olate/templates/olate
http://192.168.27.45/olate/templates/olate/global
http://192.168.27.45/webexploitation_package_01
http://192.168.27.45/webexploitation_package_02
http://192.168.27.45/webexploitation_package_02/board51
http://192.168.27.45/webexploitation_package_02/board51/boarddata
http://192.168.27.45/webexploitation_package_02/board51/solution
http://192.168.27.45/webexploitation_package_02/iseasynews
http://192.168.27.45/webexploitation_package_02/isguestbook/smileys
http://192.168.27.45/webexploitation_package_02/isshout/smileys
http://192.168.27.45/webexploitation_package_02/isshout/templates/default/
http://192.168.27.45/webexploitation_package_02/nabopoll
http://192.168.27.45/webexploitation_package_02/nabopoll/includes
http://192.168.27.45/webexploitation_package_02/nabopoll/templates
http://192.168.27.45/webexploitation_package_02/nabopoll/test
http://192.168.27.45/webexploitation_package_02/solutions
http://192.168.27.45/webexploitation_package_02/webnews/design
Please review the content manually.
Impact:
Based on the information shown, an attacker might be able to gather additional
info about the structure of this application.
Solution:
Solution type: Mitigation
If not needed, disable directory listing in the web server's configuration.
Affected Software/OS:
Webservers with an enabled directory listing.
Vulnerability Detection Method:
Checks whether a directory listing is enabled in the detected directories.
Details:
Enabled Directory Listing Detection
(OID: 1.3.6.1.4.1.25623.1.0.111074)
Version used: $Revision: 5440 $
References:
Other:
https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Directory_Indexing
Issue
-----
NVT: Faq-O-Matic fom.cgi XSS
OID: 1.3.6.1.4.1.25623.1.0.15540
Threat: Medium (CVSS: 5.0)
Port: 80/tcp
Summary:
The remote host runs Faq-O-Matic, a CGI-based system that automates
the process of maintaining a FAQ.
The remote version of this software is vulnerable to cross-site scripting
attacks in the script 'fom.cgi'.
Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/fom.cgi?cmd=<script>foo</script>&file=1&keywords=openvas
Impact:
With a specially crafted URL, an attacker can cause arbitrary code
execution resulting in a loss of integrity.
Solution:
Solution type: VendorFix
Upgrade to the latest version of this software
Vulnerability Detection Method:
Details:
Faq-O-Matic fom.cgi XSS
(OID: 1.3.6.1.4.1.25623.1.0.15540)
Version used: $Revision: 6053 $
References:
CVE: CVE-2002-0230, CVE-2002-2011
BID: 4565
Issue
-----
NVT: Fingerprint web server with favicon.ico
OID: 1.3.6.1.4.1.25623.1.0.20108
Threat: Log (CVSS: 0.0)
Port: 80/tcp
Summary:
The remote web server contains a graphic image that is prone to
information disclosure.
Vulnerability Detection Result:
The following apps/services were identified:
"Joomla!" fingerprinted by the file: "http://192.168.27.45http://bt.example.net/webexploitation_package_02/joomla107/images/favicon.ico"
"Joomla!" fingerprinted by the file: "http://192.168.27.45http://bt.example.net/webexploitation_package_02/joomla107/images/favicon.ico"
"Joomla!" fingerprinted by the file: "http://192.168.27.45http://bt.example.net/webexploitation_package_02/joomla109/images/favicon.ico"
"phpmyadmin (2.11.8.1)" fingerprinted by the file: "http://192.168.27.45/phpmyadmin/favicon.ico"
Impact:
The 'favicon.ico' file found on the remote web server belongs to a
popular webserver/application. This may be used to fingerprint the
webserver/application.
Solution:
Solution type: Mitigation
Remove the 'favicon.ico' file or create a custom one for your site.
Log Method:
Details:
Fingerprint web server with favicon.ico
(OID: 1.3.6.1.4.1.25623.1.0.20108)
Version used: $Revision: 4988 $
Issue
-----
NVT: Firefox Information Disclosure Vulnerability Jan09 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900449
Threat: Low (CVSS: 2.1)
Port: general/tcp
Summary:
Mozilla Firefox is installed on the host and is prone
to an information disclosure vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let the attacker execute arbitrary
code in the context of the web browser and obtain sensitive information
about the remote user through the web browser.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to Mozilla Firefox version 3.6.3 or later
For updates refer to http://www.getfirefox.com
Affected Software/OS:
Mozilla Firefox version from 2.0 to 3.0.5 on Linux.
Vulnerability Insight:
The Web Browser fails to properly enforce the same-origin policy, which leads
to cross-domain information disclosure.
Vulnerability Detection Method:
Details:
Firefox Information Disclosure Vulnerability Jan09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900449)
Version used: $Revision: 5055 $
References:
CVE: CVE-2009-5913
BID: 33276
Other:
https://bugzilla.redhat.com/show_bug.cgi?id=480938
http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf
Issue
-----
NVT: Firefox Multiple Vulnerabilities Dec-09 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.902005
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
Firefox is installed on the host and is prone to multiple
vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow an attacker to conduct spoofing attacks,
bypass certain security restrictions, manipulate certain data, disclose
sensitive information, or compromise a user's system.
Impact Level: Application/System
Solution:
Upgrade to Firefox version 3.0.16
http://www.mozilla.com/en-US/firefox/all.html
Affected Software/OS:
Firefox version prior to 3.0.16 on Linux.
Vulnerability Insight:
For more information about vulnerabilities in Firefox, refer to the links
mentioned in the references.
Vulnerability Detection Method:
Details:
Firefox Multiple Vulnerabilities Dec-09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902005)
Version used: $Revision: 5055 $
References:
CVE: CVE-2009-3979, CVE-2009-3981, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986, CVE-2009-3987
BID: 37361, 37363, 37366, 37367, 37370, 37365, 37360
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0369, DFN-CERT-2010-0036, DFN-CERT-2009-1827, DFN-CERT-2009-1826, DFN-CERT-2009-1825, DFN-CERT-2009-1802, DFN-CERT-2009-1800, DFN-CERT-2009-1795, DFN-CERT-2009-1790, DFN-CERT-2009-1784, DFN-CERT-2009-1783
Other:
http://secunia.com/advisories/37699
http://www.vupen.com/english/advisories/2009/3547
http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
http://www.mozilla.org/security/announce/2009/mfsa2009-70.html
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
Issue
-----
NVT: Firefox Multiple Vulnerabilities Feb-10 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900743
Threat: Medium (CVSS: 4.3)
Port: general/tcp
Summary:
Firefox is installed on the host and is prone to multiple
vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation allows attackers to obtain sensitive information via
a crafted document.
Impact Level: Application.
Solution:
Solution type: VendorFix
Upgrade to Firefox version 3.6.
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Affected Software/OS:
Firefox version prior to 3.6 on Linux.
Vulnerability Insight:
- Malformed stylesheet documents and cross-origin loading of CSS
stylesheets are accepted even when the stylesheet download has an incorrect MIME type.
- An IFRAME element allows placing the site's URL in the HREF attribute of a
stylesheet 'LINK' element, and then reading the 'document.styleSheets[0].href'
property value.
Vulnerability Detection Method:
Details:
Firefox Multiple Vulnerabilities Feb-10 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900743)
Version used: $Revision: 5394 $
References:
CVE: CVE-2010-0648, CVE-2010-0654
CERT: DFN-CERT-2010-1147, DFN-CERT-2010-1142, DFN-CERT-2010-0965, DFN-CERT-2010-0952, DFN-CERT-2010-0934, DFN-CERT-2010-0933, DFN-CERT-2010-0932, DFN-CERT-2010-0925, DFN-CERT-2010-0663
Other:
http://code.google.com/p/chromium/issues/detail?id=9877
http://code.google.com/p/chromium/issues/detail?id=32309
Issue
-----
NVT: Firefox URL Spoofing And Phising Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900512
Threat: Medium (CVSS: 5.8)
Port: general/tcp
Summary:
Mozilla Firefox is installed on the host and is prone
to a URL spoofing and phishing vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful remote exploitation will let the attacker spoof the URL
information by using homoglyphs of, say, the / (slash) and ? (question mark)
characters, and gain sensitive information by redirecting the user to any malicious URL.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to Mozilla Firefox version 3.6.3 or later
For updates refer to http://www.mozilla.com/en-US/firefox/
Affected Software/OS:
Mozilla Firefox version 3.0.6 and prior on Linux.
Vulnerability Insight:
Firefox doesn't properly prevent the literal rendering of homoglyph
characters in IDN domain names. This renders the user vulnerable to URL
spoofing and phishing attacks, as the attacker may redirect the user to a
different arbitrary malformed website.
Vulnerability Detection Method:
Details:
Firefox URL Spoofing And Phising Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900512)
Version used: $Revision: 5055 $
References:
CVE: CVE-2009-0652
BID: 33837
Other:
http://www.mozilla.org/projects/security/tld-idn-policy-list.html
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike