Executive Summary
Summary | |
---|---|
Title | New ntlmaps packages fix information leak |
Informations | |||
---|---|---|---|
Name | DSA-830 | First vendor Publication | 2005-09-30 |
Vendor | Debian | Last vendor Modification | 2005-09-30 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorisation proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to lokal users. The old stable distribution (woody) does not contain an ntlmaps package. For the stable distribution (sarge) this problem has been fixed in version 0.9.9-2sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.9.9-4. We recommend that you upgrade your ntlmaps package. |
Original Source
Url : http://www.debian.org/security/2005/dsa-830 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 830-1 (ntlmaps) File : nvt/deb_830_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19735 | ntlmaps Post-Installation Script System Password Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-830.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:25 |
|