ID ALA_ALAS-2013-257.NASL Type nessus Reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. Modified 2019-12-02T00:00:00
Description
It was discovered that dracut created initramfs images as world
readable. A local user could possibly use this flaw to obtain
sensitive information from these files, such as iSCSI authentication
passwords, encrypted root file system crypttab passwords, or other
information. (CVE-2012-4453)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.
#
include("compat.inc");
if (description)
{
script_id(71397);
script_version("1.4");
script_cvs_date("Date: 2018/04/18 15:09:35");
script_cve_id("CVE-2012-4453");
script_xref(name:"ALAS", value:"2013-257");
script_xref(name:"RHSA", value:"2013:1674");
script_name(english:"Amazon Linux AMI : dracut (ALAS-2013-257)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that dracut created initramfs images as world
readable. A local user could possibly use this flaw to obtain
sensitive information from these files, such as iSCSI authentication
passwords, encrypted root file system crypttab passwords, or other
information. (CVE-2012-4453)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2013-257.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update dracut' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-caps");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-fips");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-fips-aesni");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:dracut-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"dracut-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-caps-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-fips-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-fips-aesni-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-generic-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-kernel-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-network-004-336.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"dracut-tools-004-336.21.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc");
}
{"id": "ALA_ALAS-2013-257.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux AMI : dracut (ALAS-2013-257)", "description": "It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)", "published": "2013-12-14T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/71397", "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "references": ["https://alas.aws.amazon.com/ALAS-2013-257.html"], "cvelist": ["CVE-2012-4453"], "type": "nessus", "lastseen": "2019-12-13T06:38:57", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:dracut-fips-aesni", "p-cpe:/a:amazon:linux:dracut-fips", "p-cpe:/a:amazon:linux:dracut-tools", "p-cpe:/a:amazon:linux:dracut-caps", "p-cpe:/a:amazon:linux:dracut-network", "p-cpe:/a:amazon:linux:dracut-generic", "p-cpe:/a:amazon:linux:dracut-kernel", "p-cpe:/a:amazon:linux:dracut", "cpe:/o:amazon:linux"], "cvelist": ["CVE-2012-4453"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "description": "It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-11-01T02:13:55", "references": [{"idList": ["REDHAT-RHSA-2013-1674.NASL", "FEDORA_2012-14959.NASL", "FEDORA_2012-14953.NASL", "REDHAT-RHSA-2013-1527.NASL", "FEDORA_2012-16448.NASL", "SL_20131121_DRACUT_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2013-1674.NASL"], "type": "nessus"}, {"idList": ["ELSA-2013-1674"], "type": "oraclelinux"}, {"idList": ["CVE-2012-4453"], "type": "cve"}, {"idList": ["RHSA-2013:1674", "RHSA-2013:1527"], "type": "redhat"}, {"idList": ["ALAS-2013-257"], "type": "amazon"}, {"idList": ["OPENVAS:1361412562310871086", "OPENVAS:1361412562310864777", "OPENVAS:864777", "OPENVAS:1361412562310864774", "OPENVAS:871086", "OPENVAS:1361412562310123522", "OPENVAS:864774", "OPENVAS:1361412562310120550"], "type": "openvas"}]}, "score": {"modified": "2019-11-01T02:13:55", "value": 4.7, "vector": "NONE"}}, "hash": "c11b4f22dc1dfd326972a118bb6c2043dd40dfc873e7c91f95f74b4aab2c771c", "hashmap": [{"hash": "80a0e3f34c7648949beca9782fec99b5", "key": "references"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "273e13a6008864019a0100ce7e5bfa07", "key": "sourceData"}, {"hash": "8c29e327ecae9940af88849fdeee038f", "key": "cvss"}, {"hash": "3b9756b764a6b5eab36657f700f8cb3a", "key": "published"}, {"hash": "4cbf9ada67e0da45d4f7be0f17d5bfaa", "key": "pluginID"}, {"hash": "a4b59e340e6db1b6a0e0941d7d7db47b", "key": "cvelist"}, {"hash": "7da4d3f102ffb56398ef0eda9eb7caae", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "be8a8ab1232f48e8c45150063e9e8c47", "key": "cpe"}, {"hash": "528cea5b87bf77107bd9f05291bbffe5", "key": "reporter"}, {"hash": "7d461e02559c82772c223d0d8778bd20", "key": "title"}, {"hash": "c8115ba5b2dd9e86939775e1a277ac27", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/71397", "id": "ALA_ALAS-2013-257.NASL", "lastseen": "2019-11-01T02:13:55", "modified": "2019-11-02T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "71397", "published": "2013-12-14T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2013-257.html"], "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_xref(name:\"ALAS\", value:\"2013-257\");\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Amazon Linux AMI : dracut (ALAS-2013-257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dracut' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dracut-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-caps-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-aesni-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-generic-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-kernel-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-network-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-tools-004-336.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "title": "Amazon Linux AMI : dracut (ALAS-2013-257)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-11-01T02:13:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:dracut-fips-aesni", "p-cpe:/a:amazon:linux:dracut-fips", "p-cpe:/a:amazon:linux:dracut-tools", "p-cpe:/a:amazon:linux:dracut-caps", "p-cpe:/a:amazon:linux:dracut-network", "p-cpe:/a:amazon:linux:dracut-generic", "p-cpe:/a:amazon:linux:dracut-kernel", "p-cpe:/a:amazon:linux:dracut", "cpe:/o:amazon:linux"], "cvelist": ["CVE-2012-4453"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453)", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "e70d64db0cdbecd534cdb5d22dc73ea0623acd265dd11502a1b183cff8ffcb38", "hashmap": [{"hash": "80a0e3f34c7648949beca9782fec99b5", "key": "references"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "635d7f080910dc81e99c0ca9b0d4203f", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "273e13a6008864019a0100ce7e5bfa07", "key": "sourceData"}, {"hash": "771af7b001b1863f6e41fda344449a41", "key": "href"}, {"hash": "3b9756b764a6b5eab36657f700f8cb3a", "key": "published"}, {"hash": "4cbf9ada67e0da45d4f7be0f17d5bfaa", "key": "pluginID"}, {"hash": "a4b59e340e6db1b6a0e0941d7d7db47b", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "3d4c9eee23e52eb9d0f55559eb98ed1b", "key": "description"}, {"hash": "be8a8ab1232f48e8c45150063e9e8c47", "key": "cpe"}, {"hash": "7d461e02559c82772c223d0d8778bd20", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71397", "id": "ALA_ALAS-2013-257.NASL", "lastseen": "2018-04-19T07:35:08", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "71397", "published": "2013-12-14T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2013-257.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_xref(name:\"ALAS\", value:\"2013-257\");\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Amazon Linux AMI : dracut (ALAS-2013-257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dracut' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dracut-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-caps-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-aesni-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-generic-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-kernel-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-network-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-tools-004-336.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "title": "Amazon Linux AMI : dracut (ALAS-2013-257)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-04-19T07:35:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:dracut-fips-aesni", "p-cpe:/a:amazon:linux:dracut-fips", "p-cpe:/a:amazon:linux:dracut-tools", "p-cpe:/a:amazon:linux:dracut-caps", "p-cpe:/a:amazon:linux:dracut-network", "p-cpe:/a:amazon:linux:dracut-generic", "p-cpe:/a:amazon:linux:dracut-kernel", "p-cpe:/a:amazon:linux:dracut", "cpe:/o:amazon:linux"], "cvelist": ["CVE-2012-4453"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:17:43", "references": [{"idList": ["ELSA-2013-1674"], "type": "oraclelinux"}, {"idList": ["CVE-2012-4453"], "type": "cve"}, {"idList": ["RHSA-2013:1674", "RHSA-2013:1527"], "type": "redhat"}, {"idList": ["ALAS-2013-257"], "type": "amazon"}, {"idList": ["REDHAT-RHSA-2013-1674.NASL", "FEDORA_2012-14959.NASL", "FEDORA_2012-14953.NASL", "FEDORA_2012-16448.NASL", "SL_20131121_DRACUT_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2013-1674.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310871086", "OPENVAS:1361412562310864777", "OPENVAS:864777", "OPENVAS:1361412562310864774", "OPENVAS:871086", "OPENVAS:1361412562310123522", "OPENVAS:864774", "OPENVAS:1361412562310120550"], "type": "openvas"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "56641bf920ea8bf1404d9fe4ab1a55f356d774e98484d050b60be2d82d64b6c5", "hashmap": [{"hash": "80a0e3f34c7648949beca9782fec99b5", "key": "references"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "635d7f080910dc81e99c0ca9b0d4203f", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "273e13a6008864019a0100ce7e5bfa07", "key": "sourceData"}, {"hash": "771af7b001b1863f6e41fda344449a41", "key": "href"}, {"hash": "3b9756b764a6b5eab36657f700f8cb3a", "key": "published"}, {"hash": "4cbf9ada67e0da45d4f7be0f17d5bfaa", "key": "pluginID"}, {"hash": "a4b59e340e6db1b6a0e0941d7d7db47b", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "be8a8ab1232f48e8c45150063e9e8c47", "key": "cpe"}, {"hash": "7d461e02559c82772c223d0d8778bd20", "key": "title"}, {"hash": "c8115ba5b2dd9e86939775e1a277ac27", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71397", "id": "ALA_ALAS-2013-257.NASL", "lastseen": "2019-01-16T20:17:43", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "71397", "published": "2013-12-14T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2013-257.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_xref(name:\"ALAS\", value:\"2013-257\");\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Amazon Linux AMI : dracut (ALAS-2013-257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dracut' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dracut-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-caps-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-aesni-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-generic-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-kernel-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-network-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-tools-004-336.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "title": "Amazon Linux AMI : dracut (ALAS-2013-257)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:17:43"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:dracut-fips-aesni", "p-cpe:/a:amazon:linux:dracut-fips", "p-cpe:/a:amazon:linux:dracut-tools", "p-cpe:/a:amazon:linux:dracut-caps", "p-cpe:/a:amazon:linux:dracut-network", "p-cpe:/a:amazon:linux:dracut-generic", "p-cpe:/a:amazon:linux:dracut-kernel", "p-cpe:/a:amazon:linux:dracut", "cpe:/o:amazon:linux"], "cvelist": ["CVE-2012-4453"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453)", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "e70d64db0cdbecd534cdb5d22dc73ea0623acd265dd11502a1b183cff8ffcb38", "hashmap": [{"hash": "80a0e3f34c7648949beca9782fec99b5", "key": "references"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "635d7f080910dc81e99c0ca9b0d4203f", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "273e13a6008864019a0100ce7e5bfa07", "key": "sourceData"}, {"hash": "771af7b001b1863f6e41fda344449a41", "key": "href"}, {"hash": "3b9756b764a6b5eab36657f700f8cb3a", "key": "published"}, {"hash": "4cbf9ada67e0da45d4f7be0f17d5bfaa", "key": "pluginID"}, {"hash": "a4b59e340e6db1b6a0e0941d7d7db47b", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "3d4c9eee23e52eb9d0f55559eb98ed1b", "key": "description"}, {"hash": "be8a8ab1232f48e8c45150063e9e8c47", "key": "cpe"}, {"hash": "7d461e02559c82772c223d0d8778bd20", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71397", "id": "ALA_ALAS-2013-257.NASL", "lastseen": "2018-09-01T23:39:59", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "71397", "published": "2013-12-14T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2013-257.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_xref(name:\"ALAS\", value:\"2013-257\");\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Amazon Linux AMI : dracut (ALAS-2013-257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dracut' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dracut-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-caps-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-aesni-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-generic-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-kernel-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-network-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-tools-004-336.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "title": "Amazon Linux AMI : dracut (ALAS-2013-257)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:39:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:dracut-fips-aesni", "p-cpe:/a:amazon:linux:dracut-fips", "p-cpe:/a:amazon:linux:dracut-tools", "p-cpe:/a:amazon:linux:dracut-caps", "p-cpe:/a:amazon:linux:dracut-network", "p-cpe:/a:amazon:linux:dracut-generic", "p-cpe:/a:amazon:linux:dracut-kernel", "p-cpe:/a:amazon:linux:dracut", "cpe:/o:amazon:linux"], "cvelist": ["CVE-2012-4453"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453)", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:20:31", "references": [{"idList": ["ELSA-2013-1674"], "type": "oraclelinux"}, {"idList": ["CVE-2012-4453"], "type": "cve"}, {"idList": ["RHSA-2013:1674", "RHSA-2013:1527"], "type": "redhat"}, {"idList": ["ALAS-2013-257"], "type": "amazon"}, {"idList": ["REDHAT-RHSA-2013-1674.NASL", "FEDORA_2012-14959.NASL", "FEDORA_2012-14953.NASL", "FEDORA_2012-16448.NASL", "SL_20131121_DRACUT_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2013-1674.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310871086", "OPENVAS:1361412562310864777", "OPENVAS:864777", "OPENVAS:1361412562310864774", "OPENVAS:871086", "OPENVAS:1361412562310123522", "OPENVAS:864774", "OPENVAS:1361412562310120550"], "type": "openvas"}]}, "score": {"modified": "2019-02-21T01:20:31", "value": 4.7, "vector": "NONE"}}, "hash": "e70d64db0cdbecd534cdb5d22dc73ea0623acd265dd11502a1b183cff8ffcb38", "hashmap": [{"hash": "80a0e3f34c7648949beca9782fec99b5", "key": "references"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "635d7f080910dc81e99c0ca9b0d4203f", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "273e13a6008864019a0100ce7e5bfa07", "key": "sourceData"}, {"hash": "771af7b001b1863f6e41fda344449a41", "key": "href"}, {"hash": "3b9756b764a6b5eab36657f700f8cb3a", "key": "published"}, {"hash": "4cbf9ada67e0da45d4f7be0f17d5bfaa", "key": "pluginID"}, {"hash": "a4b59e340e6db1b6a0e0941d7d7db47b", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "3d4c9eee23e52eb9d0f55559eb98ed1b", "key": "description"}, {"hash": "be8a8ab1232f48e8c45150063e9e8c47", "key": "cpe"}, {"hash": "7d461e02559c82772c223d0d8778bd20", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71397", "id": "ALA_ALAS-2013-257.NASL", "lastseen": "2019-02-21T01:20:31", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "71397", "published": "2013-12-14T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2013-257.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_xref(name:\"ALAS\", value:\"2013-257\");\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Amazon Linux AMI : dracut (ALAS-2013-257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dracut' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dracut-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-caps-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-aesni-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-generic-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-kernel-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-network-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-tools-004-336.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "title": "Amazon Linux AMI : dracut (ALAS-2013-257)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 7, "lastseen": "2019-02-21T01:20:31"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "be8a8ab1232f48e8c45150063e9e8c47"}, {"key": "cvelist", "hash": "a4b59e340e6db1b6a0e0941d7d7db47b"}, {"key": "cvss", "hash": "8c29e327ecae9940af88849fdeee038f"}, {"key": "description", "hash": "c8115ba5b2dd9e86939775e1a277ac27"}, {"key": "href", "hash": "7da4d3f102ffb56398ef0eda9eb7caae"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "pluginID", "hash": "4cbf9ada67e0da45d4f7be0f17d5bfaa"}, {"key": "published", "hash": "3b9756b764a6b5eab36657f700f8cb3a"}, {"key": "references", "hash": "80a0e3f34c7648949beca9782fec99b5"}, {"key": "reporter", "hash": "528cea5b87bf77107bd9f05291bbffe5"}, {"key": "sourceData", "hash": "273e13a6008864019a0100ce7e5bfa07"}, {"key": "title", "hash": "7d461e02559c82772c223d0d8778bd20"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "a084f65a0cf8ac32811747d498f70e5a67663615c3e3e7526eb89e2c91dd6d2f", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4453"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120550", "OPENVAS:1361412562310864777", "OPENVAS:864777", "OPENVAS:864774", "OPENVAS:871086", "OPENVAS:1361412562310864774", "OPENVAS:1361412562310123522", "OPENVAS:1361412562310871086"]}, {"type": "amazon", "idList": ["ALAS-2013-257"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1674"]}, {"type": "redhat", "idList": ["RHSA-2013:1674", "RHSA-2013:1527"]}, {"type": "nessus", "idList": ["FEDORA_2012-14959.NASL", "FEDORA_2012-16448.NASL", "ORACLELINUX_ELSA-2013-1674.NASL", "FEDORA_2012-14953.NASL", "REDHAT-RHSA-2013-1674.NASL", "SL_20131121_DRACUT_ON_SL6_X.NASL", "REDHAT-RHSA-2013-1527.NASL"]}], "modified": "2019-12-13T06:38:57"}, "score": {"value": 4.7, "vector": "NONE", "modified": "2019-12-13T06:38:57"}, "vulnersScore": 4.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_xref(name:\"ALAS\", value:\"2013-257\");\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Amazon Linux AMI : dracut (ALAS-2013-257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dracut' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dracut-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-caps-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-fips-aesni-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-generic-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-kernel-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-network-004-336.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dracut-tools-004-336.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "71397", "cpe": ["p-cpe:/a:amazon:linux:dracut-fips-aesni", "p-cpe:/a:amazon:linux:dracut-fips", "p-cpe:/a:amazon:linux:dracut-tools", "p-cpe:/a:amazon:linux:dracut-caps", "p-cpe:/a:amazon:linux:dracut-network", "p-cpe:/a:amazon:linux:dracut-generic", "p-cpe:/a:amazon:linux:dracut-kernel", "p-cpe:/a:amazon:linux:dracut", "cpe:/o:amazon:linux"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:12:25", "bulletinFamily": "NVD", "description": "dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.", "modified": "2019-04-22T17:48:00", "id": "CVE-2012-4453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4453", "published": "2012-10-09T23:55:00", "title": "CVE-2012-4453", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120550", "title": "Amazon Linux Local Check: ALAS-2013-257", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-257.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120550\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:24 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2013-257\");\n script_tag(name:\"insight\", value:\"It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453 )\");\n script_tag(name:\"solution\", value:\"Run yum update dracut to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-257.html\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"dracut-tools\", rpm:\"dracut-tools~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut-caps\", rpm:\"dracut-caps~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut-kernel\", rpm:\"dracut-kernel~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut-fips\", rpm:\"dracut-fips~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut-generic\", rpm:\"dracut-generic~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut-fips-aesni\", rpm:\"dracut-fips-aesni~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut-network\", rpm:\"dracut-network~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~004~336.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-10-16T00:00:00", "id": "OPENVAS:1361412562310864777", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864777", "title": "Fedora Update for dracut FEDORA-2012-14959", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dracut FEDORA-2012-14959\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089830.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864777\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-16 09:43:50 +0530 (Tue, 16 Oct 2012)\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-14959\");\n script_name(\"Fedora Update for dracut FEDORA-2012-14959\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dracut'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"dracut on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~018~60.git20120927.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-22T13:09:43", "bulletinFamily": "scanner", "description": "Check for the Version of dracut", "modified": "2018-01-22T00:00:00", "published": "2013-11-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871086", "id": "OPENVAS:871086", "title": "RedHat Update for dracut RHSA-2013:1674-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dracut RHSA-2013:1674-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871086);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-21 10:44:38 +0530 (Thu, 21 Nov 2013)\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for dracut RHSA-2013:1674-02\");\n\n tag_insight = \"The dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file system,\ninitramfs, is loaded together with the kernel at boot time and initializes\nthe system, so it can read and boot from the root partition.\n\nIt was discovered that dracut created initramfs images as world readable.\nA local user could possibly use this flaw to obtain sensitive information\nfrom these files, such as iSCSI authentication passwords, encrypted root\nfile system crypttab passwords, or other information. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer Team.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical\nNotes, linked to in the References, for information on the most significant\nof these changes.\n\nAll dracut users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\";\n\n tag_affected = \"dracut on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1674-02\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00033.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of dracut\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dracut-fips\", rpm:\"dracut-fips~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dracut-kernel\", rpm:\"dracut-kernel~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dracut-network\", rpm:\"dracut-network~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:48", "bulletinFamily": "scanner", "description": "Check for the Version of dracut", "modified": "2018-01-01T00:00:00", "published": "2012-10-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864774", "id": "OPENVAS:864774", "title": "Fedora Update for dracut FEDORA-2012-14953", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dracut FEDORA-2012-14953\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"dracut on Fedora 17\";\ntag_insight = \"Dracut contains tools to create a bootable initramfs for 2.6 Linux kernels.\n Unlike existing implementations, dracut does hard-code as little as possible\n into the initramfs. Dracut contains various modules which are driven by the\n event-based udev. Having root on MD, DM, LVM2, LUKS is supported as well as\n NFS, iSCSI, NBD, FCoE with the dracut-network package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089825.html\");\n script_id(864774);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-16 09:43:49 +0530 (Tue, 16 Oct 2012)\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-14953\");\n script_name(\"Fedora Update for dracut FEDORA-2012-14953\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dracut\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~018~105.git20120927.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-06T13:06:51", "bulletinFamily": "scanner", "description": "Check for the Version of dracut", "modified": "2018-01-05T00:00:00", "published": "2012-10-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864777", "id": "OPENVAS:864777", "title": "Fedora Update for dracut FEDORA-2012-14959", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dracut FEDORA-2012-14959\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"dracut on Fedora 16\";\ntag_insight = \"Dracut contains tools to create a bootable initramfs for 2.6 Linux kernels.\n Unlike existing implementations, dracut does hard-code as little as possible\n into the initramfs. Dracut contains various modules which are driven by the\n event-based udev. Having root on MD, DM, LVM2, LUKS is supported as well as\n NFS, iSCSI, NBD, FCoE with the dracut-network package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089830.html\");\n script_id(864777);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-16 09:43:50 +0530 (Tue, 16 Oct 2012)\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-14959\");\n script_name(\"Fedora Update for dracut FEDORA-2012-14959\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dracut\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~018~60.git20120927.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-10-16T00:00:00", "id": "OPENVAS:1361412562310864774", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864774", "title": "Fedora Update for dracut FEDORA-2012-14953", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dracut FEDORA-2012-14953\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089825.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864774\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-16 09:43:49 +0530 (Tue, 16 Oct 2012)\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-14953\");\n script_name(\"Fedora Update for dracut FEDORA-2012-14953\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dracut'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"dracut on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~018~105.git20120927.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-1674", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123522", "title": "Oracle Linux Local Check: ELSA-2013-1674", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1674.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123522\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1674\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1674 - dracut security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1674\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1674.html\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-caps\", rpm:\"dracut-caps~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-fips\", rpm:\"dracut-fips~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-fips-aesni\", rpm:\"dracut-fips-aesni~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-generic\", rpm:\"dracut-generic~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-kernel\", rpm:\"dracut-kernel~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-network\", rpm:\"dracut-network~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dracut-tools\", rpm:\"dracut-tools~004~336.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-11-21T00:00:00", "id": "OPENVAS:1361412562310871086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871086", "title": "RedHat Update for dracut RHSA-2013:1674-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dracut RHSA-2013:1674-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871086\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-21 10:44:38 +0530 (Thu, 21 Nov 2013)\");\n script_cve_id(\"CVE-2012-4453\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for dracut RHSA-2013:1674-02\");\n\n\n script_tag(name:\"affected\", value:\"dracut on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file system,\ninitramfs, is loaded together with the kernel at boot time and initializes\nthe system, so it can read and boot from the root partition.\n\nIt was discovered that dracut created initramfs images as world readable.\nA local user could possibly use this flaw to obtain sensitive information\nfrom these files, such as iSCSI authentication passwords, encrypted root\nfile system crypttab passwords, or other information. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer Team.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical\nNotes, linked to in the References, for information on the most significant\nof these changes.\n\nAll dracut users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1674-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00033.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dracut'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"dracut\", rpm:\"dracut~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dracut-fips\", rpm:\"dracut-fips~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dracut-kernel\", rpm:\"dracut-kernel~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dracut-network\", rpm:\"dracut-network~004~336.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2019-05-29T17:22:57", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. ([CVE-2012-4453 __](<https://access.redhat.com/security/cve/CVE-2012-4453>))\n\n \n**Affected Packages:** \n\n\ndracut\n\n \n**Issue Correction:** \nRun _yum update dracut_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n dracut-tools-004-336.21.amzn1.noarch \n dracut-004-336.21.amzn1.noarch \n dracut-caps-004-336.21.amzn1.noarch \n dracut-kernel-004-336.21.amzn1.noarch \n dracut-fips-004-336.21.amzn1.noarch \n dracut-generic-004-336.21.amzn1.noarch \n dracut-fips-aesni-004-336.21.amzn1.noarch \n dracut-network-004-336.21.amzn1.noarch \n \n src: \n dracut-004-336.21.amzn1.src \n \n \n", "modified": "2014-09-16T22:09:00", "published": "2014-09-16T22:09:00", "id": "ALAS-2013-257", "href": "https://alas.aws.amazon.com/ALAS-2013-257.html", "title": "Medium: dracut", "type": "amazon", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "unix", "description": "[004-336.0.1]\r\n- do not strip modules with signatures. [orabug 17458249] (Jerry Snitselaar)\r\n- scsi_wait module removed in 3.8. Mute errors. [orabug 16977193] (Maxim Uvarov)\r\n find firmware in /lib/modules/firmware/2.6.32-400.1.1.el5uek first\r\n and /lib/modules/firmware second (\n Resolves: Orabug: 13351090\r\n- Fix btrfs discovery [orabug 13388545]\r\n \n[004-336]\r\n- install /etc/system-fips in the initramfs\r\nResolves: rhbz#1012626\r\n \n[004-335]\r\n- fixed interface renaming\r\nResolves: rhbz#1019104\r\n \n[004-334]\r\n- fcoe: add --link-retry=100 to fipvlan call\r\nResolves: rhbz#1012316\r\n- ldd: redirect error to /dev/null\r\n- do not turn off biosdevname, if not given on kernel cmdline\r\nResolves: rhbz#1011508\r\n- network: fixed ibft parsing\r\nResolves: rhbz#1011508\r\n \n[004-330]\r\n- changed /etc/redhat-fips to /etc/system-fips\r\nResolves: rhbz#1012626\r\n \n[004-329]\r\n- add /etc/redhat-fips\r\nResolves: rhbz#1012626\r\n \n[004-328]\r\n- fixed crypt: add support for keyfiles in the initramfs\r\nResolves: rhbz#886194\r\n \n[004-327]\r\n- fixed crypt: add support for keyfiles in the initramfs\r\nResolves: rhbz#886194\r\n- fixed booting with iSCSI and without network config\r\nResolves: rhbz#910605\r\n \n[004-322]\r\n- fixed crypt: add support for keyfiles in the initramfs\r\nResolves: rhbz#886194\r\n- fixed FIPS module checking\r\nResolves: rhbz#947729\r\n \n[004-316]\r\n- create the initramfs non-world readable\r\n- unset LD_LIBRARY_PATH and GREP_OPTIONS\r\nResolves: rhbz#912299\r\n- add mkinitrd man page\r\nResolves: rhbz#610462\r\n- add bonding\r\nResolves: rhbz#851666\r\n- lvm: add '--yes' to lvchange\r\nResolves: rhbz#720684\r\n- crypt: add support for keyfiles in the initramfs\r\nResolves: rhbz#886194\r\n- start iscsi regardless of network, if requested\r\nResolves: rhbz#813687\r\n- install multipath module only, when root is multipath in generic mode\r\nResolves: rhbz#916144\r\n- fips: handle checksum checks for RHEV kernels\r\nResolves: rhbz#947729\r\n- add xhci-hcd driver\r\nResolves: rhbz#960729", "modified": "2013-11-25T00:00:00", "published": "2013-11-25T00:00:00", "id": "ELSA-2013-1674", "href": "http://linux.oracle.com/errata/ELSA-2013-1674.html", "title": "dracut security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:17", "bulletinFamily": "unix", "description": "The dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file system,\ninitramfs, is loaded together with the kernel at boot time and initializes\nthe system, so it can read and boot from the root partition.\n\nIt was discovered that dracut created initramfs images as world readable.\nA local user could possibly use this flaw to obtain sensitive information\nfrom these files, such as iSCSI authentication passwords, encrypted root\nfile system crypttab passwords, or other information. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer Team.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical\nNotes, linked to in the References, for information on the most significant\nof these changes.\n\nAll dracut users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "modified": "2018-06-06T20:24:12", "published": "2013-11-21T05:00:00", "id": "RHSA-2013:1674", "href": "https://access.redhat.com/errata/RHSA-2013:1674", "type": "redhat", "title": "(RHSA-2013:1674) Moderate: dracut security, bug fix, and enhancement update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI \"REPORT\nLUNS\" command when more than 256 LUNs were specified for a single SCSI\ntarget. A privileged guest user could use this flaw to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the system\ncould use this flaw to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509 certificate\nfields that contain a NULL byte. An attacker could potentially exploit this\nflaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that\nto exploit this issue, an attacker would need to obtain a carefully crafted\ncertificate signed by an authority that the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from being\nable to log in to a system. This flaw has been addressed by enabling random\nearly connection drops by setting MaxStartups to 10:30:100 by default.\nFor more information, refer to the sshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592,\nCVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928,\nCVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug:\n\n* A previous version of the rhev-hypervisor6 package did not contain the\nlatest vhostmd package, which provides a \"metrics communication channel\"\nbetween a host and its hosted virtual machines, allowing limited\nintrospection of host resource usage from within virtual machines. This has\nbeen fixed, and rhev-hypervisor6 now includes the latest vhostmd package.\n(BZ#1026703)\n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:39", "published": "2013-11-21T05:00:00", "id": "RHSA-2013:1527", "href": "https://access.redhat.com/errata/RHSA-2013:1527", "type": "redhat", "title": "(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-12-13T07:03:36", "bulletinFamily": "scanner", "description": "dracut-018-60.git20120927\n\n - run dracut-shutdown.service before shutdown.target\n Resolves: rhbz#840120\n\n - do not create the initramfs world readable Resolves:\n rhbz#859448\n\n - mdraid: do the dracut shutdown, if a md raid is found\n\n - mdraid: handle nested md raids\n\n - mdraid: wait until devices are clean on shutdown\n Resolves: rhbz#732297 rhbz#840562\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2012-14959.NASL", "href": "https://www.tenable.com/plugins/nessus/62526", "published": "2012-10-15T00:00:00", "title": "Fedora 16 : dracut-018-60.git20120927.fc16 (2012-14959)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-14959.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62526);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_bugtraq_id(55713);\n script_xref(name:\"FEDORA\", value:\"2012-14959\");\n\n script_name(english:\"Fedora 16 : dracut-018-60.git20120927.fc16 (2012-14959)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"dracut-018-60.git20120927\n\n - run dracut-shutdown.service before shutdown.target\n Resolves: rhbz#840120\n\n - do not create the initramfs world readable Resolves:\n rhbz#859448\n\n - mdraid: do the dracut shutdown, if a md raid is found\n\n - mdraid: handle nested md raids\n\n - mdraid: wait until devices are clean on shutdown\n Resolves: rhbz#732297 rhbz#840562\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=859448\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/089830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79e524d1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dracut package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"dracut-018-60.git20120927.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T07:03:36", "bulletinFamily": "scanner", "description": " - fixed ifup exit code\n\n - fixed default ", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2012-16448.NASL", "href": "https://www.tenable.com/plugins/nessus/62698", "published": "2012-10-25T00:00:00", "title": "Fedora 18 : dracut-024-5.git20121019.fc18 (2012-16448)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-16448.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62698);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_bugtraq_id(55713);\n script_xref(name:\"FEDORA\", value:\"2012-16448\");\n\n script_name(english:\"Fedora 18 : dracut-024-5.git20121019.fc18 (2012-16448)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fixed ifup exit code\n\n - fixed default 'rd.auto' parameter setting\n\n - only 'warn' not 'error', if we don't strip the\n initramfs\n\n - do not overwrite ifcfg from anaconda\n\n - ssh-client module fixes\n\n - strip binaries in the initramfs by default now\n\n - fixes for systemd and crypto\n\n - new dracut kernel command line options 'rd.auto'\n\n - new dracut kernel command line options\n 'rd.noverifyssl'\n\n - new dracut option '--kernel-cmdline' and\n 'kernel_cmdline' option for default parameters\n\n - fix for kexec in shutdown, if not included in\n initramfs\n\n - no more iscsi_wait_scan\n\n - curl: give info what URL failed, support https\n\n - use findmnt\n\n - systemd: wait for crypto target\n\n - only install crypttab in host-only mode\n\n - add udev groups\n\n - fixed busybox install\n\n - fixed rd.luks.allow-discards manpage and handling\n\n - force install dm_mod\n\n - do not create the initramfs world reabable\n\n - add nameserver even for dhcp\n\n - fallback to reboot if shutdown was called without a\n parameter\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=859448\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090769.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a8d407c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dracut package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"dracut-024-5.git20121019.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T08:41:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:1674 :\n\nUpdated dracut packages that fix one security issue, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file\nsystem, initramfs, is loaded together with the kernel at boot time and\ninitializes the system, so it can read and boot from the root\npartition.\n\nIt was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer\nTeam.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll dracut users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2013-1674.NASL", "href": "https://www.tenable.com/plugins/nessus/71111", "published": "2013-11-27T00:00:00", "title": "Oracle Linux 6 : dracut (ELSA-2013-1674)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1674 and \n# Oracle Linux Security Advisory ELSA-2013-1674 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71111);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/30 10:58:18\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_bugtraq_id(55713);\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"Oracle Linux 6 : dracut (ELSA-2013-1674)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1674 :\n\nUpdated dracut packages that fix one security issue, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file\nsystem, initramfs, is loaded together with the kernel at boot time and\ninitializes the system, so it can read and boot from the root\npartition.\n\nIt was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer\nTeam.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll dracut users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003811.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dracut packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"dracut-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-caps-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-fips-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-fips-aesni-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-generic-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-kernel-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-network-004-336.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dracut-tools-004-336.0.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T09:13:19", "bulletinFamily": "scanner", "description": "It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)", "modified": "2019-12-02T00:00:00", "id": "SL_20131121_DRACUT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/71297", "published": "2013-12-10T00:00:00", "title": "Scientific Linux Security Update : dracut on SL6.x (noarch)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71297);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-4453\");\n\n script_name(english:\"Scientific Linux Security Update : dracut on SL6.x (noarch)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=3190\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86777ec8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"dracut-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-caps-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-fips-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-fips-aesni-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-generic-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-kernel-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-network-004-336.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dracut-tools-004-336.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T08:53:36", "bulletinFamily": "scanner", "description": "Updated dracut packages that fix one security issue, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file\nsystem, initramfs, is loaded together with the kernel at boot time and\ninitializes the system, so it can read and boot from the root\npartition.\n\nIt was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer\nTeam.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll dracut users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2013-1674.NASL", "href": "https://www.tenable.com/plugins/nessus/71016", "published": "2013-11-21T00:00:00", "title": "RHEL 6 : dracut (RHSA-2013:1674)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1674. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71016);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_bugtraq_id(55713);\n script_xref(name:\"RHSA\", value:\"2013:1674\");\n\n script_name(english:\"RHEL 6 : dracut (RHSA-2013:1674)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dracut packages that fix one security issue, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe dracut packages include an event-driven initramfs generator\ninfrastructure based on the udev device manager. The virtual file\nsystem, initramfs, is loaded together with the kernel at boot time and\ninitializes the system, so it can read and boot from the root\npartition.\n\nIt was discovered that dracut created initramfs images as world\nreadable. A local user could possibly use this flaw to obtain\nsensitive information from these files, such as iSCSI authentication\npasswords, encrypted root file system crypttab passwords, or other\ninformation. (CVE-2012-4453)\n\nThis issue was discovered by Peter Jones of the Red Hat Installer\nTeam.\n\nThese updated dracut packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll dracut users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4453\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-caps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-fips-aesni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dracut-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1674\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-caps-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-fips-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-fips-aesni-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-generic-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-kernel-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-network-004-336.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dracut-tools-004-336.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut / dracut-caps / dracut-fips / dracut-fips-aesni / etc\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T07:03:36", "bulletinFamily": "scanner", "description": "dracut-018-105.git20120927\n\n - enable the use of the nbd port with e.g. ", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2012-14953.NASL", "href": "https://www.tenable.com/plugins/nessus/62525", "published": "2012-10-15T00:00:00", "title": "Fedora 17 : dracut-018-105.git20120927.fc17 (2012-14953)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-14953.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62525);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-4453\");\n script_bugtraq_id(55713);\n script_xref(name:\"FEDORA\", value:\"2012-14953\");\n\n script_name(english:\"Fedora 17 : dracut-018-105.git20120927.fc17 (2012-14953)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"dracut-018-105.git20120927\n\n - enable the use of the nbd port with e.g. '-N ltsp'\n\n - actually make reset_overlay working for squash\n overlays\n\n - fixed FIPS\n\n - if any mdraid found, make dracut run on shutdown\n\n - make the initramfs non-world readable\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=859448\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/089825.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90969712\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dracut package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dracut\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"dracut-018-105.git20120927.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dracut\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T08:53:35", "bulletinFamily": "scanner", "description": "An updated rhev-hypervisor6 package that fixes multiple security\nissues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of ", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2013-1527.NASL", "href": "https://www.tenable.com/plugins/nessus/78979", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1527. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78979);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2010-5107\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-4238\", \"CVE-2013-4344\");\n script_bugtraq_id(58162, 61738, 62042, 62043, 62049, 62773);\n script_xref(name:\"RHSA\", value:\"2013:1527\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes multiple security\nissues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI\n'REPORT LUNS' command when more than 256 LUNs were specified for a\nsingle SCSI target. A privileged guest user could use this flaw to\ncorrupt QEMU process memory on the host, which could potentially\nresult in arbitrary code execution on the host with the privileges of\nthe QEMU process. (CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the\nsystem could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-2888,\nCVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509\ncertificate fields that contain a NULL byte. An attacker could\npotentially exploit this flaw to conduct man-in-the-middle attacks to\nspoof SSL servers. Note that to exploit this issue, an attacker would\nneed to obtain a carefully crafted certificate signed by an authority\nthat the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from\nbeing able to log in to a system. This flaw has been addressed by\nenabling random early connection drops by setting MaxStartups to\n10:30:100 by default. For more information, refer to the\nsshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591,\nCVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929,\nCVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and\nCVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug :\n\n* A previous version of the rhev-hypervisor6 package did not contain\nthe latest vhostmd package, which provides a 'metrics communication\nchannel' between a host and its hosted virtual machines, allowing\nlimited introspection of host resource usage from within virtual\nmachines. This has been fixed, and rhev-hypervisor6 now includes the\nlatest vhostmd package. (BZ#1026703)\n\nThis update also contains the fixes from the following errata :\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-1528.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:1528\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-5107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1527\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20131115.0.3.2.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}