© 2017 Blackfort Technology

Ernst-Robert-Curtius-Str. 8a

53117 Bonn

Informationssicherheit & Datenschutz


 

Issue
-----
NVT:    CUPS < 1.1.23 Multiple Vulnerabilities
OID:    1.3.6.1.4.1.25623.1.0.16141
Threat: Medium (CVSS: 6.5)
Port:   631/tcp

Product detection result: cpe:/a:apple:cups:1.1
Detected by: CUPS Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900348)

Summary:
The remote host is running a CUPS server whose version number is
  between 1.0.4 and 1.1.22 inclusive. Such versions are prone to
  multiple vulnerabilities:
  - The is_path_absolute function in scheduler/client.c for the 
    daemon in CUPS allows remote attackers to cause a denial
    of service (CPU consumption by tight loop) via a '..\..'
    URL in an HTTP request.
  - A remotely exploitable buffer overflow in the 'hpgltops'
    filter that enables specially crafted HPGL files to
    execute arbitrary commands as the CUPS 'lp' account.
  - A local user may be able to prevent anyone from changing 
    his or her password until a temporary copy of the new 
    password file is cleaned up ('lppasswd' flaw).
  - A local user may be able to add arbitrary content to the 
    password file by closing the stderr file descriptor 
    while running lppasswd (lppasswd flaw).
  - A local attacker may be able to truncate the CUPS 
    password file, thereby denying service to valid clients 
    using digest authentication. (lppasswd flaw).
  - The application applies ACLs to incoming print jobs in a
    case-sensitive fashion. Thus, an attacker can bypass 
    restrictions by changing the case in printer names when 
    submitting jobs. [Fixed in 1.1.21.]

Vulnerability Detection Result:
Installed version: 1.1
Fixed version:     1.1.23

Solution:
Solution type: VendorFix
Upgrade to CUPS 1.1.23 or later.

Vulnerability Detection Method:
Details:
CUPS < 1.1.23 Multiple Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.16141)
Version used: $Revision: 6040 $

Product Detection Result:
Product:cpe:/a:apple:cups:1.1

Method:CUPS Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900348)

References:
CVE: CVE-2004-1267, CVE-2004-1268, CVE-2004-1269, CVE-2004-1270, CVE-2005-2874
BID: 11968,  12004,  12005,  12007,  12200,  14265
Other:
    OSVDB:12439
    OSVDB:12453
    OSVDB:12454
    FLSA:FEDORA-2004-908
    FLSA:FEDORA-2004-559
    FLSA:FEDORA-2004-560
    GLSA:GLSA-200412-25
    http://www.cups.org/str.php?L700
    http://www.cups.org/str.php?L1024
    http://www.cups.org/str.php?L1023
    http://www.cups.org/str.php?L1042


Issue
-----
NVT:    CUPS Version Detection
OID:    1.3.6.1.4.1.25623.1.0.900348
Threat: Log (CVSS: 0.0)
Port:   631/tcp

Summary:
Detection of installed version of Common Unix Printing System (CUPS)
  This script sends an HTTP GET request and tries to get the version from the response,
  and sets the result in the KB.

Vulnerability Detection Result:
Detected CUPS
Version:  1.1
Location: /
CPE:      cpe:/a:apple:cups:1.1
Concluded from version/product identification result:
Server: CUPS/1.1

Log Method:
Details:
CUPS Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900348)
Version used: $Revision: 6040 $


Issue
-----
NVT:    DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability
OID:    1.3.6.1.4.1.25623.1.0.103654
Threat: High (CVSS: 7.5)
Port:   80/tcp

Summary:
DataLife Engine is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP
code in the context of the affected application. This may facilitate a
compromise of the application and the underlying system; other attacks
are also possible.
DataLife Engine 9.7 is vulnerable; other versions may also be
affected.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Solution:
Vendor updates are available. Please see the references for details.

Vulnerability Detection Method:
Details:
DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.103654)
Version used: $Revision: 5699 $

References:
CVE: CVE-2013-1412
BID: 57603
Other:
    http://www.securityfocus.com/bid/57603


Issue
-----
NVT:    DCP-Portal XSS
OID:    1.3.6.1.4.1.25623.1.0.11446
Threat: Medium (CVSS: 4.3)
Port:   80/tcp

Summary:
You are running a version of DCP-Portal which is older than or equal to v5.3.2.
  This version is vulnerable to:
  - Cross-site scripting flaws in the calendar.php script, which may let an
  attacker execute arbitrary code in the browser of a legitimate user.
  In addition to this, your version may also be vulnerable to:
  - HTML injection flaws, which may let an attacker inject hostile
  HTML and script code that could permit cookie-based credentials to be stolen
  and other attacks.
  - An HTTP response splitting flaw, which may let an attacker influence
  or misrepresent how web content is served, cached or interpreted.

Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/calendar.php?year=2004&month=<script>foo</script>&day=01

Solution:
Solution type: VendorFix
Upgrade to a newer version when available

Vulnerability Detection Method:
Details:
DCP-Portal XSS
(OID: 1.3.6.1.4.1.25623.1.0.11446)
Version used: $Revision: 6053 $

References:
CVE: CVE-2004-2511, CVE-2004-2512
BID: 7141,  7144,  11338,  11339,  11340
Other:
    OSVDB:10585
    OSVDB:10586
    OSVDB:10587
    OSVDB:10588
    OSVDB:10589
    OSVDB:10590
    OSVDB:11405
    http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
    http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0131.html


Issue
-----
NVT:    Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.800809
Threat: Medium (CVSS: 5.0)
Port:   general/tcp

Product detection result: cpe:/a:openssl:openssl:0.9.8d
Detected by: OpenSSL Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800335)

Summary:
This host has OpenSSL installed and is prone to Denial of Service
  vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attacker to cause DTLS server crash.
  Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to OpenSSL version 0.9.8i or later
  http://www.openssl.org/source
  *****
  Note: Vulnerability is related to CVE-2009-1386
  *****
  *****
  This might be a False Positive
  Only version check is being done depending on the publicly available OpenSSL packages.
  Each vendor might have backported versions of the packages.
  *****

Affected Software/OS:
OpenSSL version prior to 0.9.8i on Linux.

Vulnerability Insight:
A NULL pointer dereference error in ssl/s3_pkt.c file which does not properly
  check the input packets value via a DTLS ChangeCipherSpec packet that occurs
  before ClientHello.

Vulnerability Detection Method:
Details:
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800809)
Version used: $Revision: 4869 $

Product Detection Result:
Product:cpe:/a:openssl:openssl:0.9.8d

Method:OpenSSL Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800335)

References:
CVE: CVE-2009-1386
BID: 35174
CERT: DFN-CERT-2010-0720, DFN-CERT-2010-0588, DFN-CERT-2010-0300, DFN-CERT-2009-1699, DFN-CERT-2009-1318, DFN-CERT-2009-1317, DFN-CERT-2009-1238

Other:
    http://cvs.openssl.org/chngview?cn=17369
    http://www.openwall.com/lists/oss-security/2009/06/02/1
    http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest


Issue
-----
NVT:    Desktop Boards BIOS Information Detection for Linux
OID:    1.3.6.1.4.1.25623.1.0.800163
Threat: Log (CVSS: 0.0)
Port:   general/tcp

Summary:
Detection of installed version of Desktop Boards BIOS.
The script logs in via ssh and queries for the version using the command
line tool 'dmidecode'. Usually this command requires root privileges to
execute.

Vulnerability Detection Result:
Desktop Boards BIOS version 6.00
stderr is not a tty - where are you? was detected on the host
Desktop Boards BIOS Vendor Phoenix Technologies LTD
stderr is not a tty - where are you? was detected on the host
Desktop Boards Base Board version None
stderr is not a tty - where are you? was detected on the host
Desktop Boards Base Board Manufacturer Intel Corporation
stderr is not a tty - where are you? was detected on the host
Desktop Boards Base Board Product Name 440BX Desktop Reference Platform
stderr is not a tty - where are you? was detected on the host

Log Method:
Details:
Desktop Boards BIOS Information Detection for Linux
(OID: 1.3.6.1.4.1.25623.1.0.800163)
Version used: $Revision: 6032 $


Issue
-----
NVT:    Determine OS and list of installed packages via SSH login
OID:    1.3.6.1.4.1.25623.1.0.50282
Threat: Log (CVSS: 0.0)
Port:   22/tcp

Summary:
This script will, if given a userid/password or
  key to the remote system, log in to that system, determine the OS it is running,
  and for supported systems, extract the list of installed packages/rpms.

Vulnerability Detection Result:
We are able to login and detect that you are running Slackware 11.0

Vulnerability Insight:
The ssh protocol is used to log in. If a specific port is
  configured for the credential, then only this port will be tried. Else any port
  that offers ssh, usually port 22.
  Upon successful login, the command 'uname -a' is issued to find out about the
  type and version of the operating system.
  The result is analysed for various patterns and in several cases additional
  commands are tried to find out more details and to confirm a detection.
  The regular Linux distributions are detected this way as well as other linuxoid
  systems and also many Linux-based devices and appliances.
  If the system offers a package database, for example RPM- or DEB-based, this
  full list of installed packages is retrieved for further patch-level checks.

Log Method:
Details:
Determine OS and list of installed packages via SSH login
(OID: 1.3.6.1.4.1.25623.1.0.50282)
Version used: $Revision: 6011 $


Issue
-----
NVT:    DHCart Multiple Cross Site Scripting And HTML Injection Vulnerabilities
OID:    1.3.6.1.4.1.25623.1.0.100028
Threat: Medium (CVSS: 4.3)
Port:   80/tcp

Summary:
DHCart is prone to multiple cross-site scripting and HTML-injection
  vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/order.php?dhaction=check&submit_domain=Register&domain=<script>alert(document.cookie);</script>&ext1=on

Impact:
Attacker-supplied HTML or JavaScript code could run in the context of the affected site,
  potentially allowing the attacker to steal cookie-based authentication credentials
  and to control how the site is rendered to the user; other attacks are also possible.

Solution:
Solution type: VendorFix
Update DHCart to version 3.88 or newer.

Affected Software/OS:
DHCart 3.84 is vulnerable; other versions may also be affected.

Vulnerability Detection Method:
Details:
DHCart Multiple Cross Site Scripting And HTML Injection Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.100028)
Version used: $Revision: 4655 $

References:
CVE: CVE-2008-6297
BID: 32117


Issue
-----
NVT:    DIRB (NASL wrapper)
OID:    1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port:   5801/tcp

Summary:
This script uses DIRB to find directories and files on web
  applications via brute forcing. See the preferences section for configuration options.

Vulnerability Detection Result:
This are the directories/files found with brute force:
http://192.168.27.45:5801/

Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $


Issue
-----
NVT:    DIRB (NASL wrapper)
OID:    1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port:   631/tcp

Summary:
This script uses DIRB to find directories and files on web
  applications via brute forcing. See the preferences section for configuration options.

Vulnerability Detection Result:
This are the directories/files found with brute force:
http://192.168.27.45:5801/
http://192.168.27.45:631/

Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $


Issue
-----
NVT:    DIRB (NASL wrapper)
OID:    1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port:   80/tcp

Summary:
This script uses DIRB to find directories and files on web
  applications via brute forcing. See the preferences section for configuration options.

Vulnerability Detection Result:
This are the directories/files found with brute force:
http://192.168.27.45:5801/
http://192.168.27.45:80/

Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $


Issue
-----
NVT:    DIRB (NASL wrapper)
OID:    1.3.6.1.4.1.25623.1.0.103079
Threat: Log (CVSS: 0.0)
Port:   80/tcp

Summary:
This script uses DIRB to find directories and files on web
  applications via brute forcing. See the preferences section for configuration options.

Vulnerability Detection Result:
This are the directories/files found with brute force:
http://192.168.27.45:5801/
http://192.168.27.45:631/
http://192.168.27.45:80/

Log Method:
Details:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 4685 $


Issue
-----
NVT:    Enabled Directory Listing Detection
OID:    1.3.6.1.4.1.25623.1.0.111074
Threat: Medium (CVSS: 5.0)
Port:   80/tcp

Summary:
The script attempts to identify directories with an enabled directory listing.

Vulnerability Detection Result:
The following directories with an enabled directory listing were identified:
http://192.168.27.45/
http://192.168.27.45/beef
http://192.168.27.45/beef/include
http://192.168.27.45/beef/modules
http://192.168.27.45/beef/tmp
http://192.168.27.45/beef/tmp/de2dfc7a9a4bfd754ffd38a21373c091
http://192.168.27.45/manual/howto
http://192.168.27.45/olate/templates/olate
http://192.168.27.45/olate/templates/olate/global
http://192.168.27.45/webexploitation_package_01
http://192.168.27.45/webexploitation_package_02
http://192.168.27.45/webexploitation_package_02/board51
http://192.168.27.45/webexploitation_package_02/board51/boarddata
http://192.168.27.45/webexploitation_package_02/board51/solution
http://192.168.27.45/webexploitation_package_02/iseasynews
http://192.168.27.45/webexploitation_package_02/isguestbook/smileys
http://192.168.27.45/webexploitation_package_02/isshout/smileys
http://192.168.27.45/webexploitation_package_02/isshout/templates/default/
http://192.168.27.45/webexploitation_package_02/nabopoll
http://192.168.27.45/webexploitation_package_02/nabopoll/includes
http://192.168.27.45/webexploitation_package_02/nabopoll/templates
http://192.168.27.45/webexploitation_package_02/nabopoll/test
http://192.168.27.45/webexploitation_package_02/solutions
http://192.168.27.45/webexploitation_package_02/webnews/design
Please review the content manually.

Impact:
Based on the information shown an attacker might be able to gather additional info about
  the structure of this application.

Solution:
Solution type: Mitigation
If not needed disable the directory listing within the webservers config.

Affected Software/OS:
Webservers with an enabled directory listing.

Vulnerability Detection Method:
Check the detected directories if a directory listing is enabled.
Details:
Enabled Directory Listing Detection
(OID: 1.3.6.1.4.1.25623.1.0.111074)
Version used: $Revision: 5440 $

References:
Other:
    https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Directory_Indexing


Issue
-----
NVT:    Faq-O-Matic fom.cgi XSS
OID:    1.3.6.1.4.1.25623.1.0.15540
Threat: Medium (CVSS: 5.0)
Port:   80/tcp

Summary:
The remote host runs Faq-O-Matic, a CGI-based system that automates
  the process of maintaining a FAQ.
  The remote version of this software is vulnerable to cross-site scripting attacks
  in the script 'fom.cgi'.

Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/fom.cgi?cmd=<script>foo</script>&file=1&keywords=openvas

Impact:
With a specially crafted URL, an attacker can cause arbitrary code
  execution resulting in a loss of integrity.

Solution:
Solution type: VendorFix
Upgrade to the latest version of this software

Vulnerability Detection Method:
Details:
Faq-O-Matic fom.cgi XSS
(OID: 1.3.6.1.4.1.25623.1.0.15540)
Version used: $Revision: 6053 $

References:
CVE: CVE-2002-0230, CVE-2002-2011
BID: 4565


Issue
-----
NVT:    Fingerprint web server with favicon.ico
OID:    1.3.6.1.4.1.25623.1.0.20108
Threat: Log (CVSS: 0.0)
Port:   80/tcp

Summary:
The remote web server contains a graphic image that is prone to
  information disclosure.

Vulnerability Detection Result:
The following apps/services were identified:
"Joomla!" fingerprinted by the file: "http://192.168.27.45http://bt.example.net/webexploitation_package_02/joomla107/images/favicon.ico"
"Joomla!" fingerprinted by the file: "http://192.168.27.45http://bt.example.net/webexploitation_package_02/joomla107/images/favicon.ico"
"Joomla!" fingerprinted by the file: "http://192.168.27.45http://bt.example.net/webexploitation_package_02/joomla109/images/favicon.ico"
"phpmyadmin (2.11.8.1)" fingerprinted by the file: "http://192.168.27.45/phpmyadmin/favicon.ico"

Impact:
The 'favicon.ico' file found on the remote web server belongs to a
  popular webserver/application. This may be used to fingerprint the webserver/application.

Solution:
Solution type: Mitigation
Remove the 'favicon.ico' file or create a custom one for your site.

Log Method:
Details:
Fingerprint web server with favicon.ico
(OID: 1.3.6.1.4.1.25623.1.0.20108)
Version used: $Revision: 4988 $


Issue
-----
NVT:    Firefox Information Disclosure Vulnerability Jan09 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.900449
Threat: Low (CVSS: 2.1)
Port:   general/tcp

Summary:
The host is installed with Mozilla Firefox browser and is prone
  to information disclosure vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let the attacker execute arbitrary
  codes in the context of the web browser and can obtain sensitive information
  of the remote user through the web browser.
  Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to Mozilla Firefox version 3.6.3 or later
  For updates refer to http://www.getfirefox.com

Affected Software/OS:
Mozilla Firefox version from 2.0 to 3.0.5 on Linux.

Vulnerability Insight:
The Web Browser fails to properly enforce the same-origin policy, which leads
  to cross-domain information disclosure.

Vulnerability Detection Method:
Details:
Firefox Information Disclosure Vulnerability Jan09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900449)
Version used: $Revision: 5055 $

References:
CVE: CVE-2009-5913
BID: 33276
Other:
    https://bugzilla.redhat.com/show_bug.cgi?id=480938
    http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf


Issue
-----
NVT:    Firefox Multiple Vulnerabilities Dec-09 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.902005
Threat: High (CVSS: 9.3)
Port:   general/tcp

Summary:
The host is installed with Firefox Browser and is prone to multiple
  vulnerabilities.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attacker to conduct spoofing attacks,
  bypass certain security restrictions, manipulate certain data, disclose
  sensitive information, or compromise a user's system.
  Impact Level: Application/System

Solution:
Upgrade to Firefox version 3.0.16
  http://www.mozilla.com/en-US/firefox/all.html

Affected Software/OS:
Firefox version prior to 3.0.16 on Linux.

Vulnerability Insight:
For more information about vulnerabilities on Firefox, refer the links
  mentioned in references.

Vulnerability Detection Method:
Details:
Firefox Multiple Vulnerabilities Dec-09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902005)
Version used: $Revision: 5055 $

References:
CVE: CVE-2009-3979, CVE-2009-3981, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986, CVE-2009-3987
BID: 37361,  37363,  37366,  37367,  37370,  37365,  37360
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0369, DFN-CERT-2010-0036, DFN-CERT-2009-1827, DFN-CERT-2009-1826, DFN-CERT-2009-1825, DFN-CERT-2009-1802, DFN-CERT-2009-1800, DFN-CERT-2009-1795, DFN-CERT-2009-1790, DFN-CERT-2009-1784, DFN-CERT-2009-1783

Other:
    http://secunia.com/advisories/37699
    http://www.vupen.com/english/advisories/2009/3547
    http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
    http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
    http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
    http://www.mozilla.org/security/announce/2009/mfsa2009-70.html
    http://www.mozilla.org/security/announce/2009/mfsa2009-71.html


Issue
-----
NVT:    Firefox Multiple Vulnerabilities Feb-10 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.900743
Threat: Medium (CVSS: 4.3)
Port:   general/tcp

Summary:
The host is installed with Firefox Browser and is prone to multiple
  vulnerabilities.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation allows attackers to obtain sensitive information via
  a crafted document.
  Impact Level: Application.

Solution:
Solution type: VendorFix
Upgrade to Firefox version 3.6,
  For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Affected Software/OS:
Firefox version prior to 3.6 on Linux.

Vulnerability Insight:
- The malformed stylesheet document and cross-origin loading of CSS
    stylesheets even when the stylesheet download has an incorrect MIME type.
  - IFRAME element allows placing the site's URL in the HREF attribute of a
    stylesheet 'LINK' element, and then reading the 'document.styleSheets[0].href'
    property value.

Vulnerability Detection Method:
Details:
Firefox Multiple Vulnerabilities Feb-10 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900743)
Version used: $Revision: 5394 $

References:
CVE: CVE-2010-0648, CVE-2010-0654
CERT: DFN-CERT-2010-1147, DFN-CERT-2010-1142, DFN-CERT-2010-0965, DFN-CERT-2010-0952, DFN-CERT-2010-0934, DFN-CERT-2010-0933, DFN-CERT-2010-0932, DFN-CERT-2010-0925, DFN-CERT-2010-0663

Other:
    http://code.google.com/p/chromium/issues/detail?id=9877
    http://code.google.com/p/chromium/issues/detail?id=32309


Issue
-----
NVT:    Firefox URL Spoofing And Phising Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.900512
Threat: Medium (CVSS: 5.8)
Port:   general/tcp

Summary:
The host is installed with Mozilla Firefox browser and is prone
  to URL spoofing and phishing vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful remote exploitation will let the attacker spoof the URL
  information by using homoglyphs of, say, the / (slash) and ? (question mark) and
  can gain sensitive information by redirecting the user to any malicious URL.
  Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to Mozilla Firefox version 3.6.3 or later
  For updates refer to http://www.mozilla.com/en-US/firefox/

Affected Software/OS:
Mozilla Firefox version 3.0.6 and prior on Linux.

Vulnerability Insight:
Firefox doesn't properly prevent the literal rendering of homoglyph
  characters in IDN domain names. This renders the user vulnerable to URL
  spoofing and phishing attacks as the attacker may redirect the user to a
  different arbitrary malformed website.

Vulnerability Detection Method:
Details:
Firefox URL Spoofing And Phising Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900512)
Version used: $Revision: 5055 $

References:
CVE: CVE-2009-0652
BID: 33837
Other:
    http://www.mozilla.org/projects/security/tld-idn-policy-list.html
    http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike