We Handle Security Issues Quickly and Transparently
We will immediately start our procedure for handling security issues and keep you informed.
We have the option to receive encrypted emails:
PGP key: greenbone-security-team-public-key
Before use, verify key via direct contact:
60DF 863C 7526 ABDA 1FB5 CB87 AF94 94DA 4F56 EBAF
In case you detect a security bug in our product, we kindly ask you to act in the sense of the Responsible Disclosure and give us time to fix the problem and to prepare security updates for all users. Of course we would like to give credit to you in the respective advisories.
This corresponds to the procedure of the Responsible Disclosure and the way we act ourselves in case we find security bugs in other products.
Greenbone Security Advisories
GBSA-2016-02: DoS attack via GET/POST
Summary
All appliance models except for Greenbone Enterprise 25 and Greenbone Enterprise 25V with Greenbone OS 3.1 are subject to a DoS attack via the web interface.
Given the attacker has access to a web interface, a special GET or POST request can be sent that will cause the invalidation of all user session tokens.
Affected
All appliance models except Greenbone Enterprise 25 and Greenbone Enterprise 25V.
Greenbone OS 3.1.1 up to 3.1.25.
Severity
CVSS: AV:A/AC:L/Au:N/C:N/I:N/A:P (3.3 – Low)
Resolution
Upgrade at least to Greenbone OS 3.1.26.
History
2016-01-26: problem identified by Rene Behring.
2016-01-28: problem solved and solution prepared.
2016-02-02: solution published as new Patch Level release for GOS 3.1.
GBSA-2016-01: Cross-Site-Scripting
Summary
All appliance models except for Greenbone Enterprise 25 and Greenbone Enterprise 25V with Greenbone OS 3.1 are subject to a cross site scripting vulnerability in the web user interface.
Given the attacker has access to a session token of the browser session, a cross site scripting can be executed via a command of the charts module.
Affected
All appliance models except Greenbone Enterprise 25 and Greenbone Enterprise 25V.
Greenbone OS 3.1.1 up to 3.1.23.
Severity
CVSS: AV:A/AC:M/Au:M/C:P/I:N/A:N (1.9 – Low)
Resolution
Upgrade at least to Greenbone OS 3.1.24.
History
2016-01-07: problem identified by Sebastian Neef (Internetwache.org).
2016-01-08: problem solved and solution prepared.
2016-01-09: solution published as new Patch Level release for GOS 3.1.
2016-01-20: added assigned CVE-2016-1926.
GBSA-2015-01: Baseboard control via BMC factory settings
Summary
The models Greenbone Enterprise 600 and Greenbone Enterprise 650 have factory settings of the BMC (Baseboard Management Controller) which were not pre-configured at time of shipping. It is possible to use a pre-configured account to access the hardware administration via network. Apart from reading the hardware profile, it is also possible to shut down or reboot the device.
Affected
Hardware models Greenbone Enterprise 600 and Greenbone Enterprise 650 with
- Greenbone OS 3.0.1 up to 3.0.36
- Greenbone OS 3.1.1 up to 3.1.18
Severity
CVSS: AV:A/AC:L/Au:S/C:P/I:P/A:C (6.7 – Medium)
Resolution
Upgrade at least to Greenbone OS 3.0.37 or Greenbone OS 3.1.18.
Temporary workaround: re-configure BMC manually regarding network channel and user accounts.
History
2015-09-22: problem identified by Greenbone staff.
2015-09-23: problem solved and solution published as new Patch Level release for GOS 3.1 and GOS 3.0.
GBSA-2014-02: SQL injection
Summary
A software bug in the server module “OpenVAS Manager” allows remote attackers to inject SQL code that reads data from the database.
Greenbone OS is affected by this vulnerability. A successful attack is possible if the attacker controls a user account for the web interface or for OMP. The attacker will gain read access to the database.
Greenbone OS is affected in case the user account has permission to manage schedule objects. This is by default the case for roles “User” and “Admin”.
Affected
Greenbone OS 2.2.0-1 up to 2.2.0-33.
Greenbone OS 3.0.1 up to 3.0.28.
Severity
CVSS: AV:N/AC:L/Au:S/C:C/I:N/A:N (6.8 – Medium)
Resolution
Upgrade at least to Greenbone OS 2.2.0-34 or Greenbone OS 3.0.29.
Temporary workaround: disable non-trustworthy user accounts.
References
- CVE-2014-9220
- OpenVAS Security Advisory OVSA20141128
History
2014-11-28: problem identified by Greenbone staff (12:50), problem solved (15:50), solution published as new Patch Level release for GOS 2.2.0 and GOS 3.0 (18:40).
GBSA-2014-01: DHCP code injection via Bash bug "Shellshock"
Summary
A software bug in the shell “Bash” allows remote attackers to inject arbitrary code. This bug is also referred to as “Shellshock”.
Greenbone OS is affected by this vulnerability regarding the DHCP client functionality. A successful attack is possible if the attacker can compromise the DHCP server of the internal network or can inject his own DHCP service into the internal network. The attacker will gain root privileges.
Greenbone OS is only affected in this scenario in case DHCP is configured for Greenbone OS. When using a static IP address, this attack vector does not work.
Affected
Greenbone OS 2.2.0-1 up to 2.2.0-31 if DHCP is enabled.
Greenbone OS 3.0.1 up to 3.0.25 if DHCP is enabled.
Resolution
Upgrade at least to Greenbone OS 2.2.0-32 or Greenbone OS 3.0.26.
Temporary workaround: disable DHCP and use static IP address instead.
References
- CVE-2014-6271
History
2014-09-24: general Bash problem report received and verified.
2014-09-25: attack vector analysis for Greenbone OS and solution test.
2014-09-26: solution published as new Patch Level release for GOS 2.2.0 and GOS 3.0.
GBSA-2013-01: OMP authentication bypass
Summary
A software bug in the server module “OpenVAS Manager” allowed bypassing the OMP authentication procedure. The attack vector is remotely available in case public OMP is enabled. In case of successful attack, the attacker gains partial rights to execute OMP commands. The bypass authentication is, however, incomplete and several OMP commands will fail to execute properly.
Affected
Greenbone OS 2.2.0-1 up to 2.2.0-19 if public OMP is enabled.
Resolution
Upgrade at least to Greenbone OS 2.2.0-20.
Temporary workaround: disable public OMP.
References
- CVE-2013-6765
- OpenVAS Security Advisory OVSA20131108
History
2013-11-07: problem report received and verified.
2013-11-08: resolution implemented, confirmed and made available.
2013-11-14: received CVE assignment.
2013-11-15: OpenVAS Security Advisory OVSA20131108 released.
