{"cve": [{"lastseen": "2021-02-02T06:14:27", "description": "Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.", "edition": 4, "cvss3": {}, "published": "2014-02-05T18:55:00", "title": "CVE-2014-1833", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1833"], "modified": "2018-01-03T02:29:00", "cpe": ["cpe:/a:devscripts_devel_team:devscripts:2.14.1"], "id": "CVE-2014-1833", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1833", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:devscripts_devel_team:devscripts:2.14.1:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:34:02", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1833"], "description": "It was discovered that the uupdate tool incorrectly handled symlinks. \nIf a user or automated system were tricked into processing specially \ncrafted files, a remote attacker could possibly replace arbitrary files, \nleading to a privilege escalation.", "edition": 5, "modified": "2015-06-16T00:00:00", "published": "2015-06-16T00:00:00", "id": "USN-2649-1", "href": "https://ubuntu.com/security/notices/USN-2649-1", "title": "devscripts vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1833"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-17T00:00:00", "id": "OPENVAS:1361412562310842251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842251", "type": "openvas", "title": "Ubuntu Update for devscripts USN-2649-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for devscripts USN-2649-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842251\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-17 06:10:59 +0200 (Wed, 17 Jun 2015)\");\n script_cve_id(\"CVE-2014-1833\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for devscripts USN-2649-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'devscripts'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the uupdate tool\nincorrectly handled symlinks. If a user or automated system were tricked into\nprocessing specially crafted files, a remote attacker could possibly replace\narbitrary files, leading to a privilege escalation.\");\n script_tag(name:\"affected\", value:\"devscripts on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2649-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2649-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.14.6ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.14.1ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.11.6ubuntu1.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7085", "CVE-2014-1833"], "description": "Check the version of devscripts", "modified": "2019-03-15T00:00:00", "published": "2014-10-29T00:00:00", "id": "OPENVAS:1361412562310868439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868439", "type": "openvas", "title": "Fedora Update for devscripts FEDORA-2014-13063", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devscripts FEDORA-2014-13063\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868439\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-29 05:52:59 +0100 (Wed, 29 Oct 2014)\");\n script_cve_id(\"CVE-2014-1833\", \"CVE-2013-7085\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_name(\"Fedora Update for devscripts FEDORA-2014-13063\");\n script_tag(name:\"summary\", value:\"Check the version of devscripts\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"devscripts on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-13063\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141446.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"devscripts\", rpm:\"devscripts~2.14.10~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:12:09", "description": "Update to version 2.14.10, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.10_changelog for details. Update to version 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833. Update to\nversion 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-10-29T00:00:00", "title": "Fedora 20 : devscripts-2.14.10-1.fc20 (2014-13063)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1833"], "modified": "2014-10-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:devscripts"], "id": "FEDORA_2014-13063.NASL", "href": "https://www.tenable.com/plugins/nessus/78711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-13063.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78711);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1833\");\n script_bugtraq_id(65260);\n script_xref(name:\"FEDORA\", value:\"2014-13063\");\n\n script_name(english:\"Fedora 20 : devscripts-2.14.10-1.fc20 (2014-13063)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.14.10, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.10_changelog for details. Update to version 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833. Update to\nversion 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.10_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3fee380\"\n );\n # http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a740fad6\"\n );\n # http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.9_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f84508fc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1059947\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141446.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abfe5f96\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected devscripts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"devscripts-2.14.10-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devscripts\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:12:07", "description": "Update to version 2.14.10, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.10_changelog for details. Update to version 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833. Update to\nversion 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-11-03T00:00:00", "title": "Fedora 21 : devscripts-2.14.10-1.fc21 (2014-12947)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1833"], "modified": "2014-11-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:devscripts"], "id": "FEDORA_2014-12947.NASL", "href": "https://www.tenable.com/plugins/nessus/78798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-12947.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78798);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1833\");\n script_bugtraq_id(65260);\n script_xref(name:\"FEDORA\", value:\"2014-12947\");\n\n script_name(english:\"Fedora 21 : devscripts-2.14.10-1.fc21 (2014-12947)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.14.10, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.10_changelog for details. Update to version 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833. Update to\nversion 2.14.9, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.9_changelog for details. Update to version 2.14.8, see\nhttp://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/de\nvscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.10_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3fee380\"\n );\n # http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a740fad6\"\n );\n # http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.9_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f84508fc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1059947\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b897cfdf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected devscripts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"devscripts-2.14.10-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devscripts\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:28:54", "description": "It was discovered that the uupdate tool incorrectly handled symlinks.\nIf a user or automated system were tricked into processing specially\ncrafted files, a remote attacker could possibly replace arbitrary\nfiles, leading to a privilege escalation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-06-17T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : devscripts vulnerability (USN-2649-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1833"], "modified": "2015-06-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:devscripts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2649-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84229", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2649-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84229);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1833\");\n script_bugtraq_id(65260);\n script_xref(name:\"USN\", value:\"2649-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : devscripts vulnerability (USN-2649-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the uupdate tool incorrectly handled symlinks.\nIf a user or automated system were tricked into processing specially\ncrafted files, a remote attacker could possibly replace arbitrary\nfiles, leading to a privilege escalation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2649-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected devscripts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:devscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"devscripts\", pkgver:\"2.11.6ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"devscripts\", pkgver:\"2.14.1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"devscripts\", pkgver:\"2.14.6ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devscripts\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7085", "CVE-2014-1833"], "description": "Scripts to make the life of a Debian Package maintainer easier. ", "modified": "2014-10-28T06:39:42", "published": "2014-10-28T06:39:42", "id": "FEDORA:7B92B60E9A5A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: devscripts-2.14.10-1.fc20", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}]}
