gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog :
bug fix on rgpsp connection source acceptation policy (it was allowing any host to connect even when the /etc/rgpsp.conf file told otherwise). It is working now, but on any real (‘production’) network I suggest you use IP filtering to enforce the policy (like ipchains or iptables).
Several possibilities of buffer overflows have been fixed. Thanks to Stanislav Ievlev from ALT-Linux for pointing a lot of them.
fixed misformatting of command line parameters in rgpsp protocol (command lines with newlines would break the protocol).
fixed buffer overflow bug that caused rgpsp to SIGSEGV when stating processes with large command lines (>128 chars) [Linux only].
All of these problems affect Debian’s gps package version 0.9.4-1 in Debian woody. Debian potato also contains a gps package (version 0.4.1-2), but it is not affected by these problems, as the relevant functionality is not implemented in that version.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-307. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(15144);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2003-0360", "CVE-2003-0361", "CVE-2003-0362");
script_bugtraq_id(7736);
script_xref(name:"DSA", value:"307");
script_name(english:"Debian DSA-307-1 : gps - multiple vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"gPS is a graphical application to watch system processes. In release
1.1.0 of the gps package, several security vulnerabilities were fixed,
as detailed in the changelog :
- bug fix on rgpsp connection source acceptation policy
(it was allowing any host to connect even when the
/etc/rgpsp.conf file told otherwise). It is working now,
but on any real ('production') network I suggest you use
IP filtering to enforce the policy (like ipchains or
iptables).
- Several possibilities of buffer overflows have been
fixed. Thanks to Stanislav Ievlev from ALT-Linux for
pointing a lot of them.
- fixed misformatting of command line parameters in rgpsp
protocol (command lines with newlines would break the
protocol).
- fixed buffer overflow bug that caused rgpsp to SIGSEGV
when stating processes with large command lines (>128
chars) [Linux only].
All of these problems affect Debian's gps package version 0.9.4-1 in
Debian woody. Debian potato also contains a gps package (version
0.4.1-2), but it is not affected by these problems, as the relevant
functionality is not implemented in that version."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2003/dsa-307"
);
script_set_attribute(
attribute:"solution",
value:
"For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody1.
The old stable distribution (potato) is not affected by these
problems.
We recommend that you update your gps package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gps");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"patch_publication_date", value:"2003/05/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
script_set_attribute(attribute:"vuln_publication_date", value:"2001/03/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"gps", reference:"0.9.4-1woody1")) flag++;
if (deb_check(release:"3.0", prefix:"rgpsp", reference:"0.9.4-1woody1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | gps | p-cpe:/a:debian:debian_linux:gps |
debian | debian_linux | 3.0 | cpe:/o:debian:debian_linux:3.0 |