Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2013-6765
Last Modified 19 May 2014 03:03:45
Published 19 May 2014 10:55:09
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-6765

Summary

OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.

Vulnerable Systems

Application

  • Openvas Manager 3.0

  • Openvas Manager 3.0.0

  • Openvas Manager 3.0.1

  • Openvas Manager 3.0.2

  • Openvas Manager 3.0.3

  • Openvas Manager 3.0.4

  • Openvas Manager 3.0.5

  • Openvas Manager 3.0.6

  • Openvas Manager 4.0

  • Openvas Manager 4.0.0

  • Openvas Manager 4.0.1

  • Openvas Manager 4.0.2

  • Openvas Manager 4.0.3


References

MLIST - [oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.

CONFIRM - http://www.openvas.org/OVSA20131108.html

MLIST - [Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6


Last Updated: 27 May 2016 11:05:18