Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.DEBIAN_DLA-60.NASL
HistoryMar 26, 2015 - 12:00 a.m.

Debian DLA-60-1 : icinga security update

2015-03-2600:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

Two fixes for the Classic UI :

  • fix off-by-one memory access in process_cgivars() (CVE-2013-7108)

  • prevent possible buffer overflows in cmd.cgi (CVE-2014-1878)

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-60-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82205);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-7108", "CVE-2014-1878");
  script_bugtraq_id(64363, 65605);

  script_name(english:"Debian DLA-60-1 : icinga security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Two fixes for the Classic UI :

  - fix off-by-one memory access in process_cgivars()
    (CVE-2013-7108)

  - prevent possible buffer overflows in cmd.cgi
    (CVE-2014-1878)

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2014/09/msg00017.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/icinga"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-idoutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icinga-phpapi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"icinga", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-cgi", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-common", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-core", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-dbg", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-doc", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-idoutils", reference:"1.0.2-2+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"icinga-phpapi", reference:"1.0.2-2+squeeze2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxicingap-cpe:/a:debian:debian_linux:icinga
debiandebian_linuxicinga-cgip-cpe:/a:debian:debian_linux:icinga-cgi
debiandebian_linuxicinga-commonp-cpe:/a:debian:debian_linux:icinga-common
debiandebian_linuxicinga-corep-cpe:/a:debian:debian_linux:icinga-core
debiandebian_linuxicinga-dbgp-cpe:/a:debian:debian_linux:icinga-dbg
debiandebian_linuxicinga-docp-cpe:/a:debian:debian_linux:icinga-doc
debiandebian_linuxicinga-idoutilsp-cpe:/a:debian:debian_linux:icinga-idoutils
debiandebian_linuxicinga-phpapip-cpe:/a:debian:debian_linux:icinga-phpapi
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

debian 4
openvas 13
osv 4
ubuntu 2
nessus 16
securityvulns 7
checkpoint_advisories 1
alpinelinux 2
ubuntucve 3
debiancve 2
prion 2
cve 2
mageia 2
freebsd 1
ibm 2
amazon 1
gentoo 1
debian
debian
[SECURITY] [DLA 60-1] icinga security update
2014-09-24 16:15:08
[SECURITY] [DLA 1615-1] nagios3 security update
2018-12-24 18:11:14
[SECURITY] [DSA 2956-1] icinga security update
2014-06-11 14:34:43
openvas
openvas
Debian: Security Advisory (DLA-60-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-3253-1)
2017-04-04 00:00:00
Ubuntu: Security Advisory (USN-3253-2)
2017-06-08 00:00:00
osv
osv
icinga - security update
2014-09-24 00:00:00
icinga - security update
2014-06-11 00:00:00
nagios3 - security update
2018-12-24 00:00:00
ubuntu
ubuntu
Nagios regression
2017-06-07 00:00:00
Nagios vulnerabilities
2017-04-03 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Nagios regression (USN-3253-2)
2017-06-08 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Nagios vulnerabilities (USN-3253-1)
2017-04-04 00:00:00
Debian DLA-1615-1 : nagios3 security update
2018-12-27 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2956-1] icinga security update
2014-06-14 00:00:00
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability
2014-05-05 00:00:00
[ MDVSA-2014:004 ] nagios
2014-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)
2014-03-16 00:00:00
alpinelinux
alpinelinux
CVE-2013-7108
2014-01-15 16:08:00
CVE-2014-1878
2014-02-28 15:13:00
ubuntucve
ubuntucve
CVE-2013-7108
2014-01-15 00:00:00
CVE-2014-1878
2014-02-28 00:00:00
CVE-2013-7205
2014-01-15 00:00:00
debiancve
debiancve
CVE-2013-7108
2014-01-15 16:08:00
CVE-2014-1878
2014-02-28 15:13:00
prion
prion
Heap overflow
2014-01-15 16:08:00
Stack overflow
2014-02-28 15:13:00
cve
cve
CVE-2013-7108
2014-01-15 16:08:00
CVE-2014-1878
2014-02-28 15:13:00
mageia
mageia
Updated nagios packages fix CVE-2014-1878
2014-04-23 20:01:02
Updated nagios package fixes security vulnerability
2014-01-17 04:22:05
freebsd
freebsd
nagios -- denial of service vulnerability
2013-12-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in nagios affect PowerKVM
2018-06-18 01:33:23
Security Bulletin: Vulnerabilities in nagios affect PowerKVM
2018-06-18 01:38:44
amazon
amazon
Important: nagios
2017-10-03 11:00:00
gentoo
gentoo
Nagios: Multiple vulnerabilities
2014-12-13 00:00:00
JSON
Related for DEBIAN_DLA-60.NASL
debian4openvas13osv4ubuntu2nessus16securityvulns7checkpoint_advisories1alpinelinux2ubuntucve3debiancve2prion2cve2mageia2freebsd1ibm2amazon1gentoo1