OpenVAS 4.0.4/1.3.2 Multiple Vulnerabilities

2013.11.10
Risk: High
Local: No
Remote: Yes
CWE: N/A

http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html For OpenVAS Manager, this is a security release addressing a serious security bug and it is highly recommended to update any installation of OpenVAS Manager 3.0 and 4.0 with the corresponding release. A software bug in OpenVAS Manager allowed an attacker to bypass the OMP authentication procedure. The attack vector was remotely available in case OpenVAS Manager was listening on a public network interface. In case of successful attack, the attacker gained partial rights to execute OMP commands. The bypass authentication was, however, incomplete and several OMP commands failed to execute properly. Use CVE-2013-6765. For OpenVAS Administrator, this is a security release addressing a very serious security bug and it is highly recommended to update any installation of OpenVAS Administrator 1.2 and 1.3 with the corresponding release. A software bug in OpenVAS Administrator allowed an attacker to bypass the OAP authentication procedure. The attack vector was remotely available in case OpenVAS Administrator was listening on a public network interface. In case of successful attack, the attacker was able to create and modify users and could use the gained privileges to take control over an OpenVAS installation if the Scanner and/or Manager instances controlled by this Administrator instance were also listening on public network interfaces. Use CVE-2013-6766.

Referencje:

http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top