ID ALA_ALAS-2014-357.NASL Type nessus Reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a
symlink attack on a /var/tmp/rltrace.[PID] file.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-357.
#
include("compat.inc");
# Registration phase: when `description` is set, the script only declares the
# metadata below and leaves through the exit(0) that closes this block. No
# knowledge-base item is read here.
if (description)
{
# Plugin identity and revision stamp.
script_id(78300);
script_version("1.3");
script_cvs_date("Date: 2018/04/18 15:09:35");
# Cross-references: the CVE this plugin reports on and the Amazon advisory
# (ALAS) the package checks were extracted from.
script_cve_id("CVE-2014-2524");
script_xref(name:"ALAS", value:"2014-357");
script_name(english:"Amazon Linux AMI : readline (ALAS-2014-357)");
# The summary states the method: the verdict is derived from rpm output
# (installed package versions), not from exercising the flaw itself.
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a
symlink attack on a /var/tmp/rltrace.[PID] file."
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2014-357.html"
);
# Remediation is a package update; nothing in this script changes the host.
script_set_attribute(
attribute:"solution",
value:"Run 'yum update readline' to update your system."
);
# CVSS v2 base vector: local access (AV:L), medium access complexity (AC:M),
# no authentication (Au:N), no confidentiality impact (C:N), partial
# integrity (I:P) and partial availability (A:P) impact.
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P");
# Declared as a "local" plugin; the run-time part of the script depends on
# the Host/local_checks_enabled knowledge-base key.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names: the four readline packages that are checked, plus the OS.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:readline-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:readline-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:readline-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
# The fix was published on 2014/06/15; this plugin followed on 2014/10/12.
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
# Prerequisites: one dependency script and three knowledge-base keys.
# NOTE(review): presumably ssh_get_info.nasl is what populates these keys from
# a logged-in session; confirm against that script. If the keys are absent the
# plugin has no package data to evaluate.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
# End of registration; none of the checks below run in this phase.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
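# Run-time phase of the ALAS-2014-357 check: decide from knowledge-base (KB)
# data whether any of four readline RPMs is older than the fixed build
# 6.2-9.14.amzn1, and report if so.
#
# Scope: the verdict rests only on the stored RPM list. Nothing here inspects
# /var/tmp/rltrace.* or the readline library itself, and only the four package
# names listed below are compared.
#
# NOTE(review): audit() comes from audit.inc and is expected to end the script
# with the given status; its body is not visible here.

# Local checks must be enabled for this host, otherwise there is no package
# data to trust.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string identifies the OS; a missing or empty value means the
# host was not recognised as Amazon Linux.
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");

# Capture the character that follows "AL": either "A" or a single digit.
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];

# Only the "A" release line (reported as "Amazon Linux AMI") is in scope.
# On this path os_ver can only be a digit, because the pattern admits nothing
# but "A" or \d, so it is reported as found without further mapping.
if (os_ver != "A")
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);

# Without the RPM list no comparison is possible.
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Count how many of the four packages rpm_check flags against the fixed build.
# NOTE(review): rpm_check is defined in rpm.inc; it is assumed to return true
# when the installed package is older than `reference` - confirm there.
flag = 0;
if (rpm_check(release:"ALA", reference:"readline-6.2-9.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"readline-debuginfo-6.2-9.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"readline-devel-6.2-9.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"readline-static-6.2-9.14.amzn1")) flag++;

if (flag)
{
  # At least one package was flagged. With verbosity above 0 the report
  # collected by the rpm helpers is attached to the finding.
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  # Nothing was flagged: distinguish "packages present and not affected" from
  # "none of the packages installed" so the audit trail shows which it was.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "readline / readline-debuginfo / readline-devel / readline-static");
}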
{"id": "ALA_ALAS-2014-357.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux AMI : readline (ALAS-2014-357)", "description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3\nallows local users to create or overwrite arbitrary files via a\nsymlink attack on a /var/tmp/rltrace.[PID] file.", "published": "2014-10-12T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/78300", "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "references": ["https://alas.aws.amazon.com/ALAS-2014-357.html"], "cvelist": ["CVE-2014-2524"], "type": "nessus", "lastseen": "2021-01-01T01:18:50", "edition": 23, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2524"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120312", "OPENVAS:1361412562310867873", "OPENVAS:1361412562310867868", "OPENVAS:1361412562310850618"]}, {"type": "nessus", "idList": ["FEDORA_2014-7523.NASL", "MANDRIVA_MDVSA-2015-132.NASL", "FEDORA_2014-6866.NASL", "OPENSUSE-2014-559.NASL", "MANDRIVA_MDVSA-2014-154.NASL", "FEDORA_2014-6820.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13916", "SECURITYVULNS:DOC:30995"]}, {"type": "amazon", "idList": ["ALAS-2014-357"]}, {"type": "fedora", "idList": ["FEDORA:14B042183A", "FEDORA:9102721A55"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1226-1"]}], "modified": "2021-01-01T01:18:50", "rev": 2}, "score": {"value": 4.6, "vector": "NONE", "modified": "2021-01-01T01:18:50", "rev": 2}, "vulnersScore": 4.6}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-357.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78300);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n 
script_cve_id(\"CVE-2014-2524\");\n script_xref(name:\"ALAS\", value:\"2014-357\");\n\n script_name(english:\"Amazon Linux AMI : readline (ALAS-2014-357)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The _rl_tropen function in util.c in GNU readline before 6.3 patch 3\nallows local users to create or overwrite arbitrary files via a\nsymlink attack on a /var/tmp/rltrace.[PID] file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-357.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update readline' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:readline-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"readline-6.2-9.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"readline-debuginfo-6.2-9.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"readline-devel-6.2-9.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"readline-static-6.2-9.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"readline / readline-debuginfo / readline-devel / readline-static\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "78300", "cpe": ["p-cpe:/a:amazon:linux:readline", "p-cpe:/a:amazon:linux:readline-debuginfo", "p-cpe:/a:amazon:linux:readline-devel", "p-cpe:/a:amazon:linux:readline-static", "cpe:/o:amazon:linux"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:58:22", "description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", "edition": 5, "cvss3": {}, "published": "2014-08-20T14:55:00", "title": "CVE-2014-2524", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2524"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:gnu:readline:4.3", "cpe:/a:gnu:readline:5.0", "cpe:/a:gnu:readline:4.2", "cpe:/a:gnu:readline:4.1", "cpe:/a:gnu:readline:2.1", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:gnu:readline:2.2", "cpe:/a:gnu:readline:6.1", "cpe:/a:gnu:readline:4.0", "cpe:/a:gnu:readline:6.2", "cpe:/a:gnu:readline:6.0", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:gnu:readline:5.2", "cpe:/o:mageia:mageia:4.0", "cpe:/a:gnu:readline:5.1", "cpe:/o:mageia:mageia:3.0", "cpe:/a:gnu:readline:6.3", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2014-2524", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:readline:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:4.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:readline:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:4.2:a:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:readline:2.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-03-17T23:00:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120312", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-357)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120312\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:20 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-357)\");\n script_tag(name:\"insight\", value:\"The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.\");\n script_tag(name:\"solution\", value:\"Run yum update readline to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-357.html\");\n script_cve_id(\"CVE-2014-2524\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"readline-debuginfo\", 
rpm:\"readline-debuginfo~6.2~9.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline\", rpm:\"readline~6.2~9.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel\", rpm:\"readline-devel~6.2~9.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-static\", rpm:\"readline-static~6.2~9.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310867868", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867868", "type": "openvas", "title": "Fedora Update for mingw-readline FEDORA-2014-6820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-readline FEDORA-2014-6820\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867868\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:54:31 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-2524\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for mingw-readline FEDORA-2014-6820\");\n script_tag(name:\"affected\", value:\"mingw-readline on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6820\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134114.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-readline'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res 
= isrpmvuln(pkg:\"mingw-readline\", rpm:\"mingw-readline~6.2~4.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310867873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867873", "type": "openvas", "title": "Fedora Update for mingw-readline FEDORA-2014-6866", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-readline FEDORA-2014-6866\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867873\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:54:55 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-2524\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for mingw-readline FEDORA-2014-6866\");\n script_tag(name:\"affected\", value:\"mingw-readline on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6866\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134069.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-readline'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res 
= isrpmvuln(pkg:\"mingw-readline\", rpm:\"mingw-readline~6.2~4.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-01-31T18:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524", "CVE-2014-6271"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310850618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850618", "type": "openvas", "title": "openSUSE: Security Advisory for bash (openSUSE-SU-2014:1226-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850618\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:57:33 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-2524\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for bash (openSUSE-SU-2014:1226-1)\");\n\n script_tag(name:\"insight\", value:\"bash was updated to fix a critical security issue, a minor security issue\n and bugs:\n\n In some circumstances, the shell would evaluate shellcode in environment\n variables passed at startup time. This allowed code execution by local or\n remote attackers who could pass environment variables to bash scripts.\n (CVE-2014-6271)\n\n Fixed a temporary file misuse in _rl_tropen (bnc#868822) Even if used only\n by developers to debug readline library do not\n open temporary files from public location without O_EXCL (CVE-2014-2524)\n\n Additional bugfixes:\n\n - Backported corrected german error message for a failing getpwd\n (bnc#895475)\n\n - Add bash upstream patch 47 to fix a problem where the function that\n shortens pathnames for $PS1 according to the value of $PROMPT_DIRTRIM\n uses memcpy on potentially-overlapping regions\n of memory, when it should use memmove. 
The result is garbled pathnames\n in prompt strings.\n\n - Add bash upstream patch 46 to fix a problem introduced by patch 32 a\n problem with '$@' and arrays expanding empty positional parameters or\n array elements when using substring expansion, pattern substitution, or\n case modfication. The empty parameters\n or array elements are removed instead of expanding to empty strings ('').\n\n - Add bash-4.2-strcpy.patch from upstream mailing list to patch collection\n tar ball to avoid when using \\w in the prompt and changing the directory\n outside of HOME the a strcpy work on\n overlapping memory areas.\");\n\n script_tag(name:\"affected\", value:\"bash on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2014:1226-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-devel\", rpm:\"bash-devel~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables\", rpm:\"bash-loadables~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables-debuginfo\", rpm:\"bash-loadables-debuginfo~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", rpm:\"libreadline6-debuginfo~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel\", rpm:\"readline-devel~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo-32bit\", rpm:\"bash-debuginfo-32bit~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-32bit\", rpm:\"libreadline6-32bit~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo-32bit\", rpm:\"libreadline6-debuginfo-32bit~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel-32bit\", rpm:\"readline-devel-32bit~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eadline-doc\", rpm:\"eadline-doc~6.2~61.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n 
}\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-devel\", rpm:\"bash-devel~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables\", rpm:\"bash-loadables~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables-debuginfo\", rpm:\"bash-loadables-debuginfo~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", rpm:\"libreadline6-debuginfo~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel\", rpm:\"readline-devel~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo-32bit\", rpm:\"bash-debuginfo-32bit~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-32bit\", rpm:\"libreadline6-32bit~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo-32bit\", rpm:\"libreadline6-debuginfo-32bit~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel-32bit\", rpm:\"readline-devel-32bit~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~68.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-2524"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:154\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : readline\r\n Date : August 6, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated readline packages fix security vulnerability:\r\n \r\n Steve Kemp discovered the _rl_tropen() function in readline insecurely\r\n handled a temporary file. 
This could allow a local attacker to perform\r\n symbolic link attacks (CVE-2014-2524).\r\n \r\n Also, upstream patches have been added to fix an infinite loop in vi\r\n input mode, and to fix an issue with slowness when pasting text.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524\r\n http://advisories.mageia.org/MGASA-2014-0319.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n e0ba1cb317b53753b13983780d48b7bd mbs1/x86_64/lib64readline6-6.2-5.1.mbs1.x86_64.rpm\r\n eabe4398528494c5e3c071e8a5270e71 mbs1/x86_64/lib64readline-devel-6.2-5.1.mbs1.x86_64.rpm\r\n 0b5f1cffb7f32ad4135562136a8ae9d1 mbs1/x86_64/readline-doc-6.2-5.1.mbs1.x86_64.rpm \r\n 63dab1fc10878cf7b3aa57a2e04d6a95 mbs1/SRPMS/readline-6.2-5.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFT4j3nmqjQ0CJFipgRAgDCAJ93VHFRofmV5fztMcj9FzRYthF2CgCgjgQt\r\nzzNo23HpB3Nx/KnVm6fYuZI=\r\n=9fzZ\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-08-11T00:00:00", "published": "2014-08-11T00:00:00", "id": "SECURITYVULNS:DOC:30995", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30995", "title": "[ MDVSA-2014:154 ] readline", "type": "securityvulns", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-2524"], "description": "Symbolic links vulnerability in _rl_tropen()", "edition": 1, "modified": "2014-08-11T00:00:00", "published": "2014-08-11T00:00:00", "id": "SECURITYVULNS:VULN:13916", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13916", "title": "readline library symbolic links vulnerability", "type": "securityvulns", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:02", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2524"], "description": "**Issue Overview:**\n\nThe _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. 
\n\n \n**Affected Packages:** \n\n\nreadline\n\n \n**Issue Correction:** \nRun _yum update readline_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n readline-debuginfo-6.2-9.14.amzn1.i686 \n readline-6.2-9.14.amzn1.i686 \n readline-devel-6.2-9.14.amzn1.i686 \n readline-static-6.2-9.14.amzn1.i686 \n \n src: \n readline-6.2-9.14.amzn1.src \n \n x86_64: \n readline-debuginfo-6.2-9.14.amzn1.x86_64 \n readline-static-6.2-9.14.amzn1.x86_64 \n readline-6.2-9.14.amzn1.x86_64 \n readline-devel-6.2-9.14.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-06-15T16:20:00", "published": "2014-06-15T16:20:00", "id": "ALAS-2014-357", "href": "https://alas.aws.amazon.com/ALAS-2014-357.html", "title": "Low: readline", "type": "amazon", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2524"], "description": "The Readline library provides a set of functions that allow users to edit command lines. Both Emacs and vi editing modes are available. The Readline library includes additional functions for maintaining a list of previously-entered command lines for recalling or editing those lines, and for performing csh-like history expansion on previous commands. This is a port of the library and development tools to Windows. ", "modified": "2014-06-10T02:58:16", "published": "2014-06-10T02:58:16", "id": "FEDORA:14B042183A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mingw-readline-6.2-4.fc19", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2524"], "description": "The Readline library provides a set of functions that allow users to edit command lines. Both Emacs and vi editing modes are available. 
The Readline library includes additional functions for maintaining a list of previously-entered command lines for recalling or editing those lines, and for performing csh-like history expansion on previous commands. This is a port of the library and development tools to Windows. ", "modified": "2014-06-10T03:01:46", "published": "2014-06-10T03:01:46", "id": "FEDORA:9102721A55", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mingw-readline-6.2-4.fc20", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T11:54:41", "description": "Updated readline packages fix security vulnerability :\n\nSteve Kemp discovered the _rl_tropen() function in readline insecurely\nhandled a temporary file. This could allow a local attacker to perform\nsymbolic link attacks (CVE-2014-2524).\n\nAlso, upstream patches have been added to fix an infinite loop in vi\ninput mode, and to fix an issue with slowness when pasting text.", "edition": 25, "published": "2014-08-07T00:00:00", "title": "Mandriva Linux Security Advisory : readline (MDVSA-2014:154)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "modified": "2014-08-07T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64readline6", "p-cpe:/a:mandriva:linux:lib64readline-devel", "p-cpe:/a:mandriva:linux:readline-doc"], "id": "MANDRIVA_MDVSA-2014-154.NASL", "href": "https://www.tenable.com/plugins/nessus/77042", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:154. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77042);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2524\");\n script_bugtraq_id(66369);\n script_xref(name:\"MDVSA\", value:\"2014:154\");\n\n script_name(english:\"Mandriva Linux Security Advisory : readline (MDVSA-2014:154)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated readline packages fix security vulnerability :\n\nSteve Kemp discovered the _rl_tropen() function in readline insecurely\nhandled a temporary file. This could allow a local attacker to perform\nsymbolic link attacks (CVE-2014-2524).\n\nAlso, upstream patches have been added to fix an infinite loop in vi\ninput mode, and to fix an issue with slowness when pasting text.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0319.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64readline-devel, lib64readline6 and / or\nreadline-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64readline6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:readline-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64readline-devel-6.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64readline6-6.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"readline-doc-6.2-5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:52", "description": "Fix CVE-2014-2524 
(RHBZ #1077035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2014-06-10T00:00:00", "title": "Fedora 20 : mingw-readline-6.2-4.fc20 (2014-6820)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "modified": "2014-06-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-readline", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-6820.NASL", "href": "https://www.tenable.com/plugins/nessus/74390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-6820.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74390);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2014-6820\");\n\n script_name(english:\"Fedora 20 : mingw-readline-6.2-4.fc20 (2014-6820)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2014-2524 (RHBZ #1077035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1077035\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134114.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?024193aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-readline package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-readline-6.2-4.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-readline\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:56", "description": "readline in Fedora is very slow when rl_event_hook is used, this\nupdate fix it. Security patch for debug functions\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-07-23T00:00:00", "title": "Fedora 20 : readline-6.2-10.fc20 (2014-7523)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "modified": "2014-07-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:readline"], "id": "FEDORA_2014-7523.NASL", "href": "https://www.tenable.com/plugins/nessus/76691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7523.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76691);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2524\");\n script_bugtraq_id(66369);\n script_xref(name:\"FEDORA\", value:\"2014-7523\");\n\n script_name(english:\"Fedora 20 : readline-6.2-10.fc20 (2014-7523)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"readline in Fedora is very slow when rl_event_hook is used, this\nupdate fix it. Security patch for debug functions\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1077026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1109946\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f09b9369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected readline package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:readline\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"readline-6.2-10.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"readline\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:53", "description": "Fix CVE-2014-2524 (RHBZ #1077035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2014-06-10T00:00:00", "title": "Fedora 19 : mingw-readline-6.2-4.fc19 (2014-6866)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "modified": "2014-06-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-readline", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-6866.NASL", "href": "https://www.tenable.com/plugins/nessus/74401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-6866.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74401);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(66369);\n script_xref(name:\"FEDORA\", value:\"2014-6866\");\n\n script_name(english:\"Fedora 19 : mingw-readline-6.2-4.fc19 (2014-6866)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2014-2524 (RHBZ #1077035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1077035\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134069.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6fa484a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-readline package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mingw-readline-6.2-4.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-readline\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T11:51:44", "description": "Updated readline packages fix security vulnerability :\n\nSteve Kemp discovered the _rl_tropen() function in readline insecurely\nhandled a temporary file. 
This could allow a local attacker to perform\nsymbolic link attacks (CVE-2014-2524).\n\nAlso, upstream patches have been added to fix an infinite loop in vi\ninput mode, and to fix an issue with slowness when pasting text.", "edition": 24, "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : readline (MDVSA-2015:132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524"], "modified": "2015-03-30T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64readline6", "p-cpe:/a:mandriva:linux:lib64readline-devel", "p-cpe:/a:mandriva:linux:readline-doc"], "id": "MANDRIVA_MDVSA-2015-132.NASL", "href": "https://www.tenable.com/plugins/nessus/82385", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:132. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82385);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-2524\");\n script_xref(name:\"MDVSA\", value:\"2015:132\");\n\n script_name(english:\"Mandriva Linux Security Advisory : readline (MDVSA-2015:132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated readline packages fix security vulnerability :\n\nSteve Kemp discovered the _rl_tropen() function in readline insecurely\nhandled a temporary file. 
This could allow a local attacker to perform\nsymbolic link attacks (CVE-2014-2524).\n\nAlso, upstream patches have been added to fix an infinite loop in vi\ninput mode, and to fix an issue with slowness when pasting text.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0319.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64readline-devel, lib64readline6 and / or\nreadline-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64readline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:readline-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64readline-devel-6.2-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64readline6-6.2-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"readline-doc-6.2-10.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-20T12:27:57", "description": "bash was updated to fix a critical security issue, a minor security\nissue and bugs :\n\nIn some circumstances, the shell would evaluate shellcode in\nenvironment variables passed at startup time. This allowed code\nexecution by local or remote attackers who could pass environment\nvariables to bash scripts. (CVE-2014-6271)\n\nFixed a temporary file misuse in _rl_tropen (bnc#868822). Even if used\nonly by developers to debug the readline library, do not open temporary\nfiles from a public location without O_EXCL (CVE-2014-2524)\n\nAdditional bugfixes :\n\n - Backported corrected German error message for a failing\n getpwd (bnc#895475)\n\n - Add bash upstream patch 47 to fix a problem where the\n function that shortens pathnames for $PS1 according to\n the value of $PROMPT_DIRTRIM uses memcpy on\n potentially-overlapping regions of memory, when it\n should use memmove. The result is garbled pathnames in\n prompt strings.\n\n - Add bash upstream patch 46 to fix a problem introduced\n by patch 32: a problem with '$@' and arrays expanding\n empty positional parameters or array elements when using\n substring expansion, pattern substitution, or case\n modification. 
The empty parameters or array elements are\n removed instead of expanding to empty strings ('').\n\n - Add bash-4.2-strcpy.patch from upstream mailing list to\n patch collection tar ball to avoid, when using \\w in the\n prompt and changing the directory outside of HOME, a\n strcpy working on overlapping memory areas.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-09-25T00:00:00", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2524", "CVE-2014-6271"], "modified": "2014-09-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:bash-debugsource", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit"], "id": "OPENSUSE-2014-559.NASL", "href": "https://www.tenable.com/plugins/nessus/77846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-559.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77846);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2524\", \"CVE-2014-6271\");\n 
script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)\");\n script_summary(english:\"Check for the openSUSE-2014-559 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"bash was updated to fix a critical security issue, a minor security\nissue and bugs :\n\nIn some circumstances, the shell would evaluate shellcode in\nenvironment variables passed at startup time. This allowed code\nexecution by local or remote attackers who could pass environment\nvariables to bash scripts. (CVE-2014-6271)\n\nFixed a temporary file misuse in _rl_tropen (bnc#868822) Even if used\nonly by developers to debug readline library do not open temporary\nfiles from public location without O_EXCL (CVE-2014-2524)\n\nAdditional bugfixes :\n\n - Backported corrected german error message for a failing\n getpwd (bnc#895475)\n\n - Add bash upstream patch 47 to fix a problem where the\n function that shortens pathnames for $PS1 according to\n the value of $PROMPT_DIRTRIM uses memcpy on\n potentially-overlapping regions of memory, when it\n should use memmove. The result is garbled pathnames in\n prompt strings.\n\n - Add bash upstream patch 46 to fix a problem introduced\n by patch 32 a problem with '$@' and arrays expanding\n empty positional parameters or array elements when using\n substring expansion, pattern substitution, or case\n modfication. 
The empty parameters or array elements are\n removed instead of expanding to empty strings ('').\n\n - Add bash-4.2-strcpy.patch from upstream mailing list to\n patch collection tar ball to avoid when using \\w in the\n prompt and changing the directory outside of HOME the a\n strcpy work on overlapping memory areas.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=895475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=896776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-09/msg00036.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-debuginfo-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-debugsource-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-devel-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-lang-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-loadables-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-loadables-debuginfo-4.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libreadline6-6.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libreadline6-debuginfo-6.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"readline-devel-6.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-61.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-61.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debuginfo-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debugsource-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-devel-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-lang-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-debuginfo-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-6.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-debuginfo-6.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"readline-devel-6.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-68.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-68.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:22:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2524", "CVE-2014-6271"], "description": "bash was updated to fix a critical security issue, a minor security issue\n and bugs:\n\n In some circumstances, the shell would evaluate shellcode in environment\n variables passed at startup time. This allowed code execution by local or\n remote attackers who could pass environment variables to bash scripts.\n (CVE-2014-6271)\n\n Fixed a temporary file misuse in _rl_tropen (bnc#868822) Even if used only\n by developers to debug readline library do not\n open temporary files from public location without O_EXCL (CVE-2014-2524)\n\n Additional bugfixes:\n - Backported corrected german error message for a failing getpwd\n (bnc#895475)\n\n - Add bash upstream patch 47 to fix a problem where the function that\n shortens pathnames for $PS1 according to the value of $PROMPT_DIRTRIM\n uses memcpy on potentially-overlapping regions\n of memory, when it should use memmove. The result is garbled pathnames\n in prompt strings.\n\n - Add bash upstream patch 46 to fix a problem introduced by patch 32 a\n problem with "$@" and arrays expanding empty positional parameters or\n array elements when using substring expansion, pattern substitution, or\n case modfication. 
The empty parameters\n or array elements are removed instead of expanding to empty strings (\"\").\n\n - Add bash-4.2-strcpy.patch from upstream mailing list to patch collection\n tar ball to avoid a strcpy on overlapping memory areas when using \\w in the\n prompt and changing the directory outside of HOME.\n\n", "edition": 1, "modified": "2014-09-28T12:04:47", "published": "2014-09-28T12:04:47", "id": "OPENSUSE-SU-2014:1226-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", "title": "bash: security and bugfix update (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}