CVE-2018-1000161

NameCVE-2018-1000161
Descriptionnmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nmap (PTS)jessie6.47-3+deb8u2fixed
stretch7.40-1vulnerable
buster7.70+dfsg1-6fixed
bullseye, sid7.80+dfsg1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nmapsource(unstable)7.70+dfsg1-1
nmapsourcejessie(not affected)
nmapsourcewheezy(not affected)

Notes

[stretch] - nmap <no-dsa> (Minor issue)
[jessie] - nmap <not-affected> (Vulnerable code not present)
[wheezy] - nmap <not-affected> (Vulnerable code not present)
Fixed by: https://github.com/nmap/nmap/commit/098e32713650f54732472f31245b7eca936b2bd8
Fixed by: https://github.com/nmap/nmap/commit/da0c861299ae1ce6268e9591838f7a1144b327d7
Fixed by: https://github.com/nmap/nmap/commit/88631b50676c38824e01d30819f46258a8497b0a
Fixed by: https://github.com/nmap/nmap/commit/80e1977308e51b1b7aa038a38f8837a7e90b3849
Introduced in https://github.com/nmap/nmap/commit/88381c2e685297a4fafe7182a06877b27da34e1e
Script added in 6.49BETA6 (cf. https://bugzilla.suse.com/show_bug.cgi?id=1088608#c1)

Search for package or bug name: Reporting problems