Amazon Linux AMI : rpm (ALAS-2012-61)

2013-09-0400:00:00

www.tenable.com

Multiple flaws were found in the way RPM parsed package file headers.
An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060 , CVE-2012-0061 , CVE-2012-0815)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-61.
#

include("compat.inc");

if (description)
{
  script_id(69668);
  script_version("1.6");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2012-0060");
  script_xref(name:"ALAS", value:"2012-61");
  script_xref(name:"RHSA", value:"2012:0451");

  script_name(english:"Amazon Linux AMI : rpm (ALAS-2012-61)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple flaws were found in the way RPM parsed package file headers.
An attacker could create a specially crafted RPM package that, when
its package header was accessed, or during package signature
verification, could cause an application using the RPM library (such
as the rpm command line tool, or the yum and up2date package managers)
to crash or, potentially, execute arbitrary code. (CVE-2012-0060 ,
CVE-2012-0061 , CVE-2012-0815)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-61.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update rpm' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-apidocs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-cron");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rpm-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"rpm-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-apidocs-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-build-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-cron-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-debuginfo-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-devel-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-libs-4.8.0-19.38.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rpm-python-4.8.0-19.38.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc");
}

VendorProductVersionCPE
amazonlinuxrpmp-cpe:/a:amazon:linux:rpm
amazonlinuxrpm-apidocsp-cpe:/a:amazon:linux:rpm-apidocs
amazonlinuxrpm-buildp-cpe:/a:amazon:linux:rpm-build
amazonlinuxrpm-cronp-cpe:/a:amazon:linux:rpm-cron
amazonlinuxrpm-debuginfop-cpe:/a:amazon:linux:rpm-debuginfo
amazonlinuxrpm-develp-cpe:/a:amazon:linux:rpm-devel
amazonlinuxrpm-libsp-cpe:/a:amazon:linux:rpm-libs
amazonlinuxrpm-pythonp-cpe:/a:amazon:linux:rpm-python
amazonlinuxcpe:/o:amazon:linux

Vendor	Product	Version	CPE
amazon	linux	rpm	p-cpe:/a:amazon:linux:rpm
amazon	linux	rpm-apidocs	p-cpe:/a:amazon:linux:rpm-apidocs
amazon	linux	rpm-build	p-cpe:/a:amazon:linux:rpm-build
amazon	linux	rpm-cron	p-cpe:/a:amazon:linux:rpm-cron
amazon	linux	rpm-debuginfo	p-cpe:/a:amazon:linux:rpm-debuginfo
amazon	linux	rpm-devel	p-cpe:/a:amazon:linux:rpm-devel
amazon	linux	rpm-libs	p-cpe:/a:amazon:linux:rpm-libs
amazon	linux	rpm-python	p-cpe:/a:amazon:linux:rpm-python
amazon	linux		cpe:/o:amazon:linux