cvstrac_history_overflow.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 67 行

NASL

67 行

#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>#  based on work from#  (C) Tenable Network Security## This script is released under the GNU GPLv2if(description){ script_id(14286); script_version ("$Revision: 38 $"); if ( defined_func("script_xref") ) 	script_xref(name:"OSVDB", value:"8639"); name["english"] = "CVSTrac history.c history_update function overflow"; script_name(english:name["english"]);  desc["english"] = "The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS.This version contains a flaw related to the history_update() function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system.***** Nessus has determined the vulnerability exists on the target***** simply by looking at the version number(s) of CVSTrac***** installed there. Solution : Update to version 1.1.4 or disable this CGI suiteRisk factor : High"; script_description(english:desc["english"]);  summary["english"] = "Checks for CVSTrac version";  script_summary(english:summary["english"]);  script_category(ACT_GATHER_INFO);   script_copyright(english:"This script is Copyright (C) 2004 David Maciejak"); family["english"] = "CGI abuses"; family["francais"] = "Abus de CGI"; script_family(english:family["english"], francais:family["francais"]); script_dependencie("cvstrac_detect.nasl"); script_require_ports("Services/www", 80); exit(0);}## The script code starts here#include("http_func.inc");port = get_http_port(default:80);kb = get_kb_item("www/" + port + "/cvstrac" );if ( ! kb ) exit(0);stuff = eregmatch(pattern:"(.*) under (.*)", string:kb );version = stuff[1]; if(ereg(pattern:"^(0\.|1\.(0|1\.[0-3]([^0-9]|$)))", string:version))	security_hole(port);

cvstrac_history_overflow.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 cvstrac_history_overflow.nasl 源码文件，采用 NASL 编程语言编写，共 67 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?