ID ALA_ALAS-2013-250.NASL Type nessus Reporter Tenable Modified 2018-04-18T00:00:00
Description
Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-250.
#
include("compat.inc");
if (description)
{
script_id(71267);
script_version("1.4");
script_cvs_date("Date: 2018/04/18 15:09:35");
script_cve_id("CVE-2012-0786", "CVE-2012-0787");
script_xref(name:"ALAS", value:"2013-250");
script_xref(name:"RHSA", value:"2013:1537");
script_name(english:"Amazon Linux AMI : augeas (ALAS-2013-250)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Multiple flaws were found in the way Augeas handled configuration
files when updating them. An application using Augeas to update
configuration files in a directory that is writable to by a different
user (for example, an application running as root that is updating
files in a directory owned by a non-root service user) could have been
tricked into overwriting arbitrary files or leaking information via a
symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2013-250.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update augeas' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:augeas");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:augeas-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:augeas-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:augeas-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2013/12/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"augeas-1.0.0-5.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"augeas-debuginfo-1.0.0-5.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"augeas-devel-1.0.0-5.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"augeas-libs-1.0.0-5.5.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "augeas / augeas-debuginfo / augeas-devel / augeas-libs");
}
{"published": "2013-12-10T00:00:00", "id": "ALA_ALAS-2013-250.NASL", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [{"differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:37:48", "bulletin": {"enchantments": {"score": {"value": 2.7, "modified": "2017-10-29T13:37:48", "vector": "AV:L/AC:M/Au:M/C:P/I:P/A:N/"}}, "published": "2013-12-10T00:00:00", "id": "ALA_ALAS-2013-250.NASL", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "cpe": ["p-cpe:/a:amazon:linux:augeas-devel", "p-cpe:/a:amazon:linux:augeas-debuginfo", "p-cpe:/a:amazon:linux:augeas", "p-cpe:/a:amazon:linux:augeas-libs", "cpe:/o:amazon:linux"], "hash": "c2b20fcf426db345f64bc730fe0244e7e2c01039f59aa12718174e646af2b79e", "description": "Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)", "type": "nessus", "pluginID": "71267", "lastseen": "2017-10-29T13:37:48", "edition": 2, "title": "Amazon Linux AMI : augeas (ALAS-2013-250)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71267", "modified": "2015-01-30T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "references": ["https://alas.aws.amazon.com/ALAS-2013-250.html"], "naslFamily": "Amazon Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71267);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/01/30 14:48:47 $\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_xref(name:\"ALAS\", value:\"2013-250\");\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"Amazon Linux AMI : augeas (ALAS-2013-250)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update augeas' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"augeas-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-debuginfo-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-devel-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-libs-1.0.0-5.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-debuginfo / augeas-devel / augeas-libs\");\n}\n", "hashmap": [{"hash": "a1a51a3f50f25c29f823139f49eceeca", "key": "cpe"}, {"hash": "eb9fc9aa65037c0166525de33b9c38a9", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "79cc3da18f810f1d346720cf319a596e", "key": "pluginID"}, {"hash": "dec20086c84ddb93ee24665aba52253b", "key": "references"}, {"hash": "d777f76efaa9d3121e259283a3395a2c", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "9002720e4d3f8bc517327ed9d187e5e7", "key": "href"}, {"hash": "e1ea69401573196143944423a8fb5ac3", "key": "sourceData"}, {"hash": "4d445541cac31f15c7878c3d1df5579a", "key": "cvelist"}, {"hash": "953188e6f812ff64dfbb546f22d3eaf8", "key": "modified"}, {"hash": "c306a62a6624d073fa0f285006558cae", "key": "cvss"}, {"hash": "c9fd39f9f2c4ab82d6f167239ba3541a", "key": "description"}], "objectVersion": "1.3"}}, {"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:30", "bulletin": {"enchantments": {}, "published": "2013-12-10T00:00:00", "id": "ALA_ALAS-2013-250.NASL", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "915fa37a5241b94af21569d9fcc202e924441d305a03e7b930347a81372aac2b", "description": "Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)", "type": "nessus", "pluginID": "71267", "lastseen": "2016-09-26T17:24:30", "edition": 1, "title": "Amazon Linux AMI : augeas (ALAS-2013-250)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71267", "modified": "2015-01-30T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "references": ["https://alas.aws.amazon.com/ALAS-2013-250.html"], "naslFamily": "Amazon Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71267);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/01/30 14:48:47 $\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_xref(name:\"ALAS\", value:\"2013-250\");\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"Amazon Linux AMI : augeas (ALAS-2013-250)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update augeas' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"augeas-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-debuginfo-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-devel-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-libs-1.0.0-5.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-debuginfo / augeas-devel / augeas-libs\");\n}\n", "hashmap": [{"hash": "eb9fc9aa65037c0166525de33b9c38a9", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "79cc3da18f810f1d346720cf319a596e", "key": "pluginID"}, {"hash": "dec20086c84ddb93ee24665aba52253b", "key": "references"}, {"hash": "d777f76efaa9d3121e259283a3395a2c", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "9002720e4d3f8bc517327ed9d187e5e7", "key": "href"}, {"hash": "e1ea69401573196143944423a8fb5ac3", "key": "sourceData"}, {"hash": "4d445541cac31f15c7878c3d1df5579a", "key": "cvelist"}, {"hash": "953188e6f812ff64dfbb546f22d3eaf8", "key": "modified"}, {"hash": "c306a62a6624d073fa0f285006558cae", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "c9fd39f9f2c4ab82d6f167239ba3541a", "key": "description"}], "objectVersion": "1.2"}}], "description": "Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)", "hash": "218e59a6e1f52e784831d00e22c316f5161d5c9b54d2acf08ca2213a42910e5c", "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "pluginID": "71267", "lastseen": "2018-04-19T07:42:21", "edition": 3, "cpe": ["p-cpe:/a:amazon:linux:augeas-devel", "p-cpe:/a:amazon:linux:augeas-debuginfo", "p-cpe:/a:amazon:linux:augeas", "p-cpe:/a:amazon:linux:augeas-libs", "cpe:/o:amazon:linux"], "title": "Amazon Linux AMI : augeas (ALAS-2013-250)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71267", "modified": "2018-04-18T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "references": ["https://alas.aws.amazon.com/ALAS-2013-250.html"], "naslFamily": "Amazon Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71267);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_xref(name:\"ALAS\", value:\"2013-250\");\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"Amazon Linux AMI : augeas (ALAS-2013-250)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update augeas' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"augeas-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-debuginfo-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-devel-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-libs-1.0.0-5.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-debuginfo / augeas-devel / augeas-libs\");\n}\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a1a51a3f50f25c29f823139f49eceeca", "key": "cpe"}, {"hash": "4d445541cac31f15c7878c3d1df5579a", "key": "cvelist"}, {"hash": "c306a62a6624d073fa0f285006558cae", "key": "cvss"}, {"hash": "c9fd39f9f2c4ab82d6f167239ba3541a", "key": "description"}, {"hash": "9002720e4d3f8bc517327ed9d187e5e7", "key": "href"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "79cc3da18f810f1d346720cf319a596e", "key": "pluginID"}, {"hash": "eb9fc9aa65037c0166525de33b9c38a9", "key": "published"}, {"hash": "dec20086c84ddb93ee24665aba52253b", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3d4082ed94ad06daa2ba6e4ff6257ca8", "key": "sourceData"}, {"hash": "d777f76efaa9d3121e259283a3395a2c", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}
{"result": {"cve": [{"id": "CVE-2012-0787", "type": "cve", "title": "CVE-2012-0787", "description": "The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.", "published": "2013-11-23T13:55:04", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0787", "cvelist": ["CVE-2012-0787"], "lastseen": "2016-09-03T16:15:44"}, {"id": "CVE-2012-0786", "type": "cve", "title": "CVE-2012-0786", "description": "The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.", "published": "2013-11-23T13:55:04", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0786", "cvelist": ["CVE-2012-0786"], "lastseen": "2016-09-03T16:15:42"}], "oraclelinux": [{"id": "ELSA-2013-1537", "type": "oraclelinux", "title": "augeas security, bug fix, and enhancement update", "description": "[1.0.0-5]\r\n- Don't package lenses in tests/ subdirectory.\r\n related: rhbz#817753\r\n \n[1.0.0-4]\r\n- Rebase to Augeas 1.0.0\r\n resolves: rhbz#817753\r\n- Add dependency on libxml2-devel.\r\n- Remove all patches (all upstream and included in 1.0.0).\r\n- Print tests/test-suite.log when the tests fail.\r\n- Add fix for regression added in 1.0.0 (RHBZ#920609).\r\n- Fix tests/test-run.", "published": "2013-11-25T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-1537.html", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2016-09-04T11:16:39"}], "openvas": [{"id": "OPENVAS:1361412562310123524", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1537", "description": "Oracle Linux Local Security Checks ELSA-2013-1537", "published": "2015-10-06T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123524", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-07-24T12:53:26"}, {"id": "OPENVAS:1361412562310120545", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2013-250", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120545", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-07-24T12:51:34"}, {"id": "OPENVAS:871079", "type": "openvas", "title": "RedHat Update for augeas RHSA-2013:1537-02", "description": "Check for the Version of augeas", "published": "2013-11-21T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=871079", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2018-01-23T13:09:40"}, {"id": "OPENVAS:1361412562310871079", "type": "openvas", "title": "RedHat Update for augeas RHSA-2013:1537-02", "description": "Check for the Version of augeas", "published": "2013-11-21T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871079", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2018-04-06T11:21:26"}], "nessus": [{"id": "SL_20131121_AUGEAS_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : augeas on SL6.x i386/x86_64", "description": "Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version.\n\nThis update also fixes the following bugs :\n\n - Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails.\n\n - Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug.\n\n - Previously, the XML lens did not support non-Unix line endings. Consequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug.\n\n - Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails.", "published": "2013-12-04T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71192", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-29T13:40:35"}, {"id": "DEBIAN_DLA-28.NASL", "type": "nessus", "title": "Debian DLA-28-1 : augeas security update", "description": "Multiple race conditions were discovered in augeas when saving configuration files which expose it to symlink attacks. Write access to the directory where the configuration file is located is required by the attacker.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-26T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82176", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-29T13:39:38"}, {"id": "MANDRIVA_MDVSA-2014-022.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : augeas (MDVSA-2014:022)", "description": "Updated augeas packages fix security vulnerabilities :\n\nMultiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787).\n\nA flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world-writable, allowing unprivileged local users to modify their content (CVE-2013-6412).", "published": "2014-01-27T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72134", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-29T13:34:34"}, {"id": "REDHAT-RHSA-2013-1537.NASL", "type": "nessus", "title": "RHEL 6 : augeas (RHSA-2013:1537)", "description": "Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses 'lenses' as basic building blocks for establishing the mapping from files into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "published": "2013-11-21T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71000", "cvelist": ["CVE-2012-6607", "CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-29T13:42:36"}, {"id": "CENTOS_RHSA-2013-1537.NASL", "type": "nessus", "title": "CentOS 6 : augeas (CESA-2013:1537)", "description": "Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses 'lenses' as basic building blocks for establishing the mapping from files into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "published": "2014-11-12T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79157", "cvelist": ["CVE-2012-6607", "CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-29T13:37:32"}, {"id": "ORACLELINUX_ELSA-2013-1537.NASL", "type": "nessus", "title": "Oracle Linux 6 : augeas (ELSA-2013-1537)", "description": "From Red Hat Security Advisory 2013:1537 :\n\nUpdated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses 'lenses' as basic building blocks for establishing the mapping from files into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "published": "2013-11-27T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71102", "cvelist": ["CVE-2012-6607", "CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-29T13:42:07"}, {"id": "SUSE_11_AUGEAS-140730.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : augeas (SAT Patch Number 9574)", "description": "Augeas has been updated to fix a symlink overwrite problem.\n(CVE-2012-0786 / CVE-2013-6412)\n\nAlso a bug has been fixed where 'augtool -s set was failing'.\n(bnc#876044)\n\nAdditionally parsing the multipath configuration has been fixed.\nbnc#871323", "published": "2014-08-14T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77196", "cvelist": ["CVE-2013-6412", "CVE-2012-0786"], "lastseen": "2017-10-29T13:35:58"}], "redhat": [{"id": "RHSA-2013:1537", "type": "redhat", "title": "(RHSA-2013:1537) Low: augeas security, bug fix, and enhancement update", "description": "Augeas is a utility for editing configuration. Augeas parses configuration\nfiles in their native formats and transforms them into a tree.\nConfiguration changes are made by manipulating this tree and saving it back\ninto native configuration files. Augeas also uses \"lenses\" as basic\nbuilding blocks for establishing the mapping from files into the Augeas\ntree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#817753)\n\nThis update also fixes the following bugs:\n\n* Previously, when single quotes were used in an XML attribute, Augeas was\nunable to parse the file with the XML lens. An upstream patch has been\nprovided ensuring that single quotes are handled as valid characters and\nparsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the \"require_ssl_reuse\"\noption in the vsftpd.conf file. The updated patch fixes the vsftpd lens to\nproperly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces\naround \"=\" characters in option directives. The modprobe lens has been\nupdated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "published": "2013-11-21T05:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1537", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-03-06T11:18:34"}, {"id": "RHSA-2013:1527", "type": "redhat", "title": "(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI \"REPORT\nLUNS\" command when more than 256 LUNs were specified for a single SCSI\ntarget. A privileged guest user could use this flaw to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the system\ncould use this flaw to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509 certificate\nfields that contain a NULL byte. An attacker could potentially exploit this\nflaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that\nto exploit this issue, an attacker would need to obtain a carefully crafted\ncertificate signed by an authority that the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from being\nable to log in to a system. This flaw has been addressed by enabling random\nearly connection drops by setting MaxStartups to 10:30:100 by default.\nFor more information, refer to the sshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592,\nCVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928,\nCVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug:\n\n* A previous version of the rhev-hypervisor6 package did not contain the\nlatest vhostmd package, which provides a \"metrics communication channel\"\nbetween a host and its hosted virtual machines, allowing limited\nintrospection of host resource usage from within virtual machines. This has\nbeen fixed, and rhev-hypervisor6 now includes the latest vhostmd package.\n(BZ#1026703)\n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "published": "2013-11-21T05:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1527", "cvelist": ["CVE-2013-2234", "CVE-2013-1775", "CVE-2013-4345", "CVE-2013-0242", "CVE-2012-4453", "CVE-2013-4238", "CVE-2013-0223", "CVE-2013-1813", "CVE-2013-3231", "CVE-2013-2892", "CVE-2013-4592", "CVE-2013-4242", "CVE-2013-4419", "CVE-2012-6545", "CVE-2012-6542", "CVE-2013-0222", "CVE-2012-0787", "CVE-2013-1929", "CVE-2013-2777", "CVE-2013-4332", "CVE-2010-5107", "CVE-2013-2851", "CVE-2013-1914", "CVE-2012-0786", "CVE-2013-2776", "CVE-2013-4387", "CVE-2013-0343", "CVE-2013-1928", "CVE-2013-0221", "CVE-2013-2888", "CVE-2013-2164", "CVE-2013-2889", "CVE-2013-4591", "CVE-2013-4344"], "lastseen": "2017-03-10T07:18:24"}], "centos": [{"id": "CESA-2013:1537", "type": "centos", "title": "augeas security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:1537\n\n\nAugeas is a utility for editing configuration. Augeas parses configuration\nfiles in their native formats and transforms them into a tree.\nConfiguration changes are made by manipulating this tree and saving it back\ninto native configuration files. Augeas also uses \"lenses\" as basic\nbuilding blocks for establishing the mapping from files into the Augeas\ntree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#817753)\n\nThis update also fixes the following bugs:\n\n* Previously, when single quotes were used in an XML attribute, Augeas was\nunable to parse the file with the XML lens. An upstream patch has been\nprovided ensuring that single quotes are handled as valid characters and\nparsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the \"require_ssl_reuse\"\noption in the vsftpd.conf file. The updated patch fixes the vsftpd lens to\nproperly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces\naround \"=\" characters in option directives. The modprobe lens has been\nupdated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-November/000897.html\n\n**Affected packages:**\naugeas\naugeas-devel\naugeas-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1537.html", "published": "2013-11-26T13:31:08", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-November/000897.html", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2017-10-03T18:26:42"}], "amazon": [{"id": "ALAS-2013-250", "type": "amazon", "title": "Low: augeas", "description": "**Issue Overview:**\n\nMultiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. ([CVE-2012-0786 __](<https://access.redhat.com/security/cve/CVE-2012-0786>), [CVE-2012-0787 __](<https://access.redhat.com/security/cve/CVE-2012-0787>))\n\n \n**Affected Packages:** \n\n\naugeas\n\n \n**Issue Correction:** \nRun _yum update augeas_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n augeas-libs-1.0.0-5.5.amzn1.i686 \n augeas-debuginfo-1.0.0-5.5.amzn1.i686 \n augeas-1.0.0-5.5.amzn1.i686 \n augeas-devel-1.0.0-5.5.amzn1.i686 \n \n src: \n augeas-1.0.0-5.5.amzn1.src \n \n x86_64: \n augeas-devel-1.0.0-5.5.amzn1.x86_64 \n augeas-1.0.0-5.5.amzn1.x86_64 \n augeas-debuginfo-1.0.0-5.5.amzn1.x86_64 \n augeas-libs-1.0.0-5.5.amzn1.x86_64 \n \n \n", "published": "2013-12-02T20:28:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-250.html", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "lastseen": "2016-09-28T21:04:15"}]}}
