CLD-366 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | nmap |
Deficiency Type | SECURITY |
Date Created | 2018-04-18 18:17:25 |
Date Last Modified | 2018-04-19 12:51:04 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in nmap-7.70-i686-1 |
Cucumber 1.0 x86_64 | fixed in nmap-7.70-x86_64-1 |
Cucumber 1.1 i686 | fixed in nmap-7.70-i686-1 |
Cucumber 1.1 x86_64 | fixed in nmap-7.70-x86_64-1 |
Details:
=================================== Overview ===================================
nmap versions 6.49BETA6 through 7.60, up to and including SVN revision 37147,
contain a Directory Traversal vulnerability in the NSE script http-fetch that
can result in file overwrite as the user running it. This attack appears to be
exploitable via a victim that runs the NSE script http-fetch against a
malicious web site. This vulnerability appears to have been fixed in 7.7.
============================ Additional Information ============================
From https://nmap.org/changelog#7.70:
[NSE][SECURITY] Nmap developer nnposter found a security flaw (directory
traversal vulnerability) in the way the non-default http-fetch script sanitized
URLs. If a user manually ran this NSE script against a malicious web server, the
server could potentially (depending on NSE arguments used) cause files to be
saved outside the intended destination directory. Existing files couldn't be
overwritten. We fixed http-fetch, audited our other scripts to ensure they
didn't make this mistake, and updated the httpspider library API to protect
against this by default. [nnposter, Daniel Miller]
================================= Our Analysis =================================
----- Affected Products -----
Nmap versions 6.49BETA6 through 7.60 (inclusive) are vulnerable. This includes
nmap as originally packaged in Cucumber Linux 1.0 and 1.1 (which used nmap
7.31).
----- Scope and Impact of this Vulnerability -----
This vulnerability allows a malicious web server, when scanned by nmap with
the non-default http-fetch NSE script, to write to a file outside of the
intended destination directory on the scanning machine.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to nmap 7.70 or later.
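For tools that save fetched URLs to disk the way http-fetch does, the sketch
below shows the general class of check that prevents this flaw. It is an added
example, not code from nmap or Cucumber Linux: the function names, the
site.example host and the index.html default are assumptions, and it also
covers symlinks and refuses to overwrite existing files.

```python
import os
from urllib.parse import unquote, urlsplit


class UnsafePath(ValueError):
    """The URL would map to a file outside the destination directory."""


def naive_save_path(dest_dir, url):
    # Vulnerable pattern: the server-controlled URL path is joined as-is.
    rel = unquote(urlsplit(url).path).lstrip("/")
    return os.path.normpath(os.path.join(dest_dir, rel))


def safe_save_path(dest_dir, url):
    base = os.path.realpath(dest_dir)
    rel = unquote(urlsplit(url).path).replace("\\", "/")
    parts = [p for p in rel.split("/") if p not in ("", ".")]
    if not parts or rel.endswith("/"):
        parts.append("index.html")  # assumed name for directory-style URLs
    # Reject dot-dot segments (checked after percent-decoding) and NUL bytes.
    if any(p == ".." or "\x00" in p for p in parts):
        raise UnsafePath(url)
    # realpath resolves symlinks, so a link inside dest_dir cannot redirect
    # the write; the result must still sit under the resolved base.
    candidate = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(url)
    return candidate


def save_response(dest_dir, url, body):
    path = safe_save_path(dest_dir, url)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    # "x" = exclusive creation: raises FileExistsError rather than overwrite.
    with open(path, "xb") as fh:
        fh.write(body)
    return path


if __name__ == "__main__":
    # Constructed sample URLs; site.example is a placeholder host.
    for u in ("http://site.example/docs/a.html",
              "http://site.example/%2e%2e/%2e%2e/outside.txt"):
        try:
            print(u, "->", safe_save_path("mirror", u))
        except UnsafePath:
            print(u, "-> rejected")
```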
================================= Our Solution =================================
We have upgraded to nmap 7.70.