Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2008-0486.NASL
HistoryJan 06, 2010 - 12:00 a.m.

CentOS 5 : nfs-utils (CESA-2008:0486)

2010-01-0600:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

An updated nfs-utils package that fixes a security issue is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The nfs-utils package provides a daemon for the kernel NFS server and related tools.

A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2008-1376)

Users of nfs-utils are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2008:0486 and 
# CentOS Errata and Security Advisory 2008:0486 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(43687);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2008-1376");
  script_xref(name:"RHSA", value:"2008:0486");

  script_name(english:"CentOS 5 : nfs-utils (CESA-2008:0486)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated nfs-utils package that fixes a security issue is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The nfs-utils package provides a daemon for the kernel NFS server and
related tools.

A flaw was found in the nfs-utils package build. The nfs-utils package
was missing TCP wrappers support, which could result in an
administrator believing they had access restrictions enabled when they
did not. (CVE-2008-1376)

Users of nfs-utils are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue."
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-July/015179.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?121a121b"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-July/015180.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a51e083"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected nfs-utils package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nfs-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-5", reference:"nfs-utils-1.0.9-35z.el5_2")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nfs-utils");
}
VendorProductVersionCPE
centoscentosnfs-utilsp-cpe:/a:centos:centos:nfs-utils
centoscentos5cpe:/o:centos:centos:5

Related

centos 2
openvas 5
nvd 2
redhat 2
nessus 5
prion 2
cvelist 2
cve 2
oraclelinux 2
veracode 1
centos
centos
nfs security update
2009-05-21 14:45:10
nfs security update
2008-07-31 22:00:24
openvas
openvas
RedHat Update for nfs-utils RHSA-2008:0486-01
2009-03-06 00:00:00
RedHat Security Advisory RHSA-2009:0955
2009-05-20 00:00:00
RedHat Update for nfs-utils RHSA-2008:0486-01
2009-03-06 00:00:00
nvd
nvd
CVE-2008-1376
2008-08-01 14:41:00
CVE-2009-0180
2009-01-20 16:30:00
redhat
redhat
(RHSA-2008:0486) Moderate: nfs-utils security update
2008-07-31 00:00:00
(RHSA-2009:0955) Moderate: nfs-utils security and bug fix update
2009-05-18 00:00:00
nessus
nessus
Oracle Linux 5 : nfs-utils (ELSA-2008-0486)
2013-07-12 00:00:00
RHEL 5 : nfs-utils (RHSA-2008:0486)
2008-08-01 00:00:00
RHEL 4 : nfs-utils (RHSA-2009:0955)
2009-05-19 00:00:00
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00
Design/Logic Flaw
2009-01-20 16:30:00
cvelist
cvelist
CVE-2008-1376
2008-08-01 14:00:00
CVE-2009-0180
2009-01-20 16:00:00
cve
cve
CVE-2008-1376
2008-08-01 14:41:00
CVE-2009-0180
2009-01-20 16:30:00
oraclelinux
oraclelinux
nfs-utils security and bug fix update
2009-05-26 00:00:00
nfs-utils security update
2008-07-31 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:28:58

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON
Related for CENTOS_RHSA-2008-0486.NASL
centos2openvas5nvd2redhat2nessus5prion2cvelist2cve2oraclelinux2veracode1