Security Response Team

We handle security issues quickly and transparently

If you identify a security problem in our product or with one of our services, please report to this e-mail address and provide as many details as you have to reproduce the problem.

security@greenbone.net

We will immediately start our procedure for handling security issues and keep you informed.

We have the option to receive encrypted emails:

PGP key: greenbone-security-team-public-key

Before use, verify key via direct contact:

60DF 863C 7526 ABDA 1FB5  CB87 AF94 94DA 4F56 EBAF

In case you detect a security bug in our product, we kindly ask you to act in the sense of the Responsible Disclosure and give us time to fix the problem and to prepare security updates for all users. Of course we would like to give credit to you in the respective advisories.

This corresponds to the procedure of the Responsible Disclosure and the way we act ourselves in case we find security bugs in other products.

Greenbone Security Advisories

GBSA-2016-02: DoS attack via GET/POST

Summary

All GSM models except for GSM 25 and GSM 25V with Greenbone OS 3.1 are subject to a DoS attack via the web interface.

Given the attacker has access to a GSM web interface, a special GET or POST request can be sent that will cause the invalidation of all user session tokens.

Affected

All GSM models except GSM 25 and GSM 25V.

Greenbone OS 3.1.1 up to 3.1.25.

Severity

CVSS: AV:A/AC:L/Au:N/C:N/I:N/A:P (3.3 – Low)

Resolution

Upgrade at least to Greenbone OS 3.1.26.

History

2016-01-26: problem identified by Rene Behring.
2016-01-28: problem solved and solution prepared.
2016-02-02: solution published as new Patch Level release for GOS 3.1.

Download this advisory as CVRF

GBSA-2016-01: Cross site scripting

Summary

All GSM models except for GSM 25 and GSM 25V with Greenbone OS 3.1 are subject to a cross site scripting vulnerability in the web user interface.

Given the attacker has access to a session token of the browser session, a cross site scripting can be executed via a command of the charts module.

Affected

All GSM models except GSM 25 and GSM 25V.

Greenbone OS 3.1.1 up to 3.1.23.

Severity

CVSS: AV:A/AC:M/Au:M/C:P/I:N/A:N (1.9 – Low)

Resolution

Upgrade at least to Greenbone OS 3.1.24.

History

2016-01-07: problem identified by Sebastian Neef (Internetwache.org).
2016-01-08: problem solved and solution prepared.
2016-01-09: solution published as new Patch Level release for GOS 3.1.
2016-01-20: added assigned CVE-2016-1926.

Download this advisory as CVRF

GBSA-2015-01: Baseboard control via BMC factory settings

Summary

The models GSM 600 and GSM 650 have factory settings of the BMC (Baseboard Management Controller) which were not pre-configured at time of shipping. It is possible to use a pre-configured account to access the hardware administration via network. Apart from reading the hardware profile, it is also possible to shut down or reboot the device.

Affected

Hardware models GSM 600 and GSM 650 with

  • Greenbone OS 3.0.1 up to 3.0.36
  • Greenbone OS 3.1.1 up to 3.1.18

Severity

CVSS: AV:A/AC:L/Au:S/C:P/I:P/A:C (6.7 – Medium)

Resolution

Upgrade at least to Greenbone OS 3.0.37 or Greenbone OS 3.1.18.

Temporary workaround: re-configure BMC manually regarding network channel and user accounts.

History

2015-09-22: problem identified by Greenbone staff.
2015-09-23: problem solved and solution published as new Patch Level release for GOS 3.1 and GOS 3.0.

Download this advisory as CVRF

GBSA-2014-02: SQL injection

Summary

A software bug in the server module “OpenVAS Manager” allows remote attackers to inject SQL code that reads data from the database.

Greenbone OS is affected by this vulnerability. A successful attack is possible if the attacker controls a user account for the web interface or for OMP. The attacker will gain read access to the database.

Greenbone OS is affected in case the user account has permission to manage schedule objects. This is by default the case for roles “User” and “Admin”.

Affected

Greenbone OS 2.2.0-1 up to 2.2.0-33.

Greenbone OS 3.0.1 up to 3.0.28.

Severity

CVSS: AV:N/AC:L/Au:S/C:C/I:N/A:N (6.8 – Medium)

Resolution

Upgrade at least to Greenbone OS 2.2.0-34 or Greenbone OS 3.0.29.

Temporary workaround: disable non-trustworthy user accounts.

References

History

2014-11-28: problem identified by Greenbone staff (12:50), problem solved (15:50), solution published as new Patch Level release for GOS 2.2.0 and GOS 3.0 (18:40).

Download this advisory as CVRF

GBSA-2014-01: DHCP code injection via Bash bug "Shellshock"

Summary

A software bug in the shell “Bash” allows remote attackers to inject arbitrary code. This bug is also referred to as “Shellshock”.

Greenbone OS is affected by this vulnerability regarding the DHCP client functionality. A successful attack is possible if the attacker can compromise the DHCP server of the internal network or can inject his own DHCP service into the internal network. The attacker will gain root privileges.

Greenbone OS is only affected in this scenario in case DHCP is configured for Greenbone OS. When using a static IP address, this attack vector does not work.

Affected

Greenbone OS 2.2.0-1 up to 2.2.0-31 if DHCP is enabled.

Greenbone OS 3.0.1 up to 3.0.25 if DHCP is enabled.

Resolution

Upgrade at least to Greenbone OS 2.2.0-32 or Greenbone OS 3.0.26.

Temporary workaround: disable DHCP and use static IP address instead.

References

  • CVE-2014-6271

History

2014-09-24: general Bash problem report received and verified.
2014-09-25: attack vector analysis for Greenbone OS and solution test.
2014-09-26: solution published as new Patch Level release for GOS 2.2.0 and GOS 3.0.

Download this advisory as CVRF

GBSA-2013-01: OMP authentication bypass

Summary

A software bug in the server module “OpenVAS Manager” allowed bypassing the OMP authentication procedure. The attack vector is remotely available in case public OMP is enabled. In case of successful attack, the attacker gains partial rights to execute OMP commands. The bypass authentication is, however, incomplete and several OMP commands will fail to execute properly.

Affected

Greenbone OS 2.2.0-1 up to 2.2.0-19 if public OMP is enabled.

Resolution

Upgrade at least to Greenbone OS 2.2.0-20.

Temporary workaround: disable public OMP.

References

History

2013-11-07: problem report received and verified.
2013-11-08: resolution implemented, confirmed and made available.
2013-11-14: received CVE assignment.
2013-11-15: OpenVAS Security Advisory OVSA20131108 released.

Download this advisory as CVRF