Lucene search

K
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2737.NASL
HistoryAug 15, 2013 - 12:00 a.m.

Debian DSA-2737-1 : swift - several vulnerabilities

2013-08-1500:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.8%

Several vulnerabilities have been discovered in Swift, the Openstack object storage. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2013-2161 Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings were unescaped in xml listings, and an attacker could potentially generate unparsable or arbitrary XML responses which may be used to leverage other vulnerabilities in the calling software.

  • CVE-2013-4155 Peter Portante from Red Hat reported a vulnerability in Swift. By issuing requests with an old X-Timestamp value, an authenticated attacker can fill an object server with superfluous object tombstones, which may significantly slow down subsequent requests to that object server, facilitating a Denial of Service attack against Swift clusters.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2737. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69354);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-2161", "CVE-2013-4155");
  script_bugtraq_id(60543, 61690);
  script_xref(name:"DSA", value:"2737");

  script_name(english:"Debian DSA-2737-1 : swift - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in Swift, the Openstack
object storage. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2013-2161
    Alex Gaynor from Rackspace reported a vulnerability in
    XML handling within Swift account servers. Account
    strings were unescaped in xml listings, and an attacker
    could potentially generate unparsable or arbitrary XML
    responses which may be used to leverage other
    vulnerabilities in the calling software.

  - CVE-2013-4155
    Peter Portante from Red Hat reported a vulnerability in
    Swift. By issuing requests with an old X-Timestamp
    value, an authenticated attacker can fill an object
    server with superfluous object tombstones, which may
    significantly slow down subsequent requests to that
    object server, facilitating a Denial of Service attack
    against Swift clusters."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-2161"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-4155"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/swift"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2013/dsa-2737"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the swift packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.4.8-2+deb7u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:swift");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"python-swift", reference:"1.4.8-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"swift", reference:"1.4.8-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"swift-account", reference:"1.4.8-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"swift-container", reference:"1.4.8-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"swift-doc", reference:"1.4.8-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"swift-object", reference:"1.4.8-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"swift-proxy", reference:"1.4.8-2+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.8%