ID EULEROS_SA-2018-1024.NASL Type nessus Reporter Tenable Modified 2018-11-13T00:00:00
Description
According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(106165);
script_version("3.9");
script_cvs_date("Date: 2018/11/13 12:30:47");
script_cve_id(
"CVE-2017-15131"
);
script_name(english:"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the xdg-user-dirs package installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- It was found that the system umask policy is not being
honored when creating XDG user directories (~/Desktop
etc) on first login. This could lead to user's files
being inadvertently exposed to other local
users.(CVE-2017-15131)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba8fd837");
script_set_attribute(attribute:"solution", value:
"Update the affected xdg-user-dirs package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"patch_publication_date", value:"2018/01/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xdg-user-dirs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
flag = 0;
pkgs = ["xdg-user-dirs-0.15-4.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdg-user-dirs");
}
{"id": "EULEROS_SA-2018-1024.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-01-19T00:00:00", "modified": "2018-11-13T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "reporter": "Tenable", "references": ["http://www.nessus.org/u?ba8fd837"], "cvelist": ["CVE-2017-15131"], "type": "nessus", "lastseen": "2019-02-21T01:35:48", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "986bed40ce0887d41e60442ef5368e7dca286221af706ba0abc581fb915e7fec", "hashmap": [{"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}, {"hash": "823fad1e705fee64acdccf79e2b9b60a", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-02-06T23:18:33", "modified": "2018-02-06T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/02/06 15:04:18 $\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n script_osvdb_id(\n 172311\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-02-06T23:18:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "06742385c3dfa21d156532899df1a613c55ab77fc7e684a424a8abae93c7463e", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4867c03e6d12c34bfe39d32c38729b6e", "key": "modified"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "2e08e499a3e52d08da795428efbf3492", "key": "sourceData"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-07-01T14:23:41", "modified": "2018-06-29T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/06/29 12:01:01\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-07-01T14:23:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 10, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "6ff249b7b5451bcfcbf6407d042843907c6f7af9ee42e783cfb34c5d8b40b26f", "hashmap": [{"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "c3321c0232cad7909d10184b7573dd71", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-08-11T05:35:38", "modified": "2018-08-10T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/08/10 15:55:08\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 10, "lastseen": "2018-08-11T05:35:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 12, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "dd5383896947619979f014f8cbe18f55a4b1999e8014e6e130599186fa4f1840", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e0cf19c0280a82d2093ffdbdac409b9a", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "9149a22260fc1d53e70d45431375b806", "key": "modified"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-08-30T19:56:19", "modified": "2018-08-29T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/08/29 12:45:30\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 12, "lastseen": "2018-08-30T19:56:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e1728931f8d7ab997e0cb1f735529f634027b241f601a3ae8a019b1c9c9901bd", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ac27afcbd9b6ee9f8372397b6703c03c", "key": "modified"}, {"hash": "40062323ce30bb4d2d1441e8a501ec94", "key": "sourceData"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-07-18T14:25:36", "modified": "2018-07-17T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/07/17 12:00:07\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2018-07-18T14:25:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "06742385c3dfa21d156532899df1a613c55ab77fc7e684a424a8abae93c7463e", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4867c03e6d12c34bfe39d32c38729b6e", "key": "modified"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "2e08e499a3e52d08da795428efbf3492", "key": "sourceData"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-07-19T06:39:17", "modified": "2018-06-29T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/06/29 12:01:01\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 8, "lastseen": "2018-07-19T06:39:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "fcf0d2abf639f4396b790a5192c2cd42c28ba784f2eab785d7e0162d437ce62b", "hashmap": [{"hash": "e27d139a5b511fc7575e69493e937298", "key": "modified"}, {"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "816b3f07d5ec89f14c249e51f1e9e82b", "key": "sourceData"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-06-12T18:23:04", "modified": "2018-06-11T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/06/11 20:44:36\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-06-12T18:23:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 9, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e1728931f8d7ab997e0cb1f735529f634027b241f601a3ae8a019b1c9c9901bd", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ac27afcbd9b6ee9f8372397b6703c03c", "key": "modified"}, {"hash": "40062323ce30bb4d2d1441e8a501ec94", "key": "sourceData"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-07-21T08:33:56", "modified": "2018-07-17T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/07/17 12:00:07\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 9, "lastseen": "2018-07-21T08:33:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "enchantments": {"dependencies": {"modified": "2019-01-16T20:31:45", "references": [{"idList": ["CVE-2017-15131"], "type": "cve"}, {"idList": ["ORACLELINUX_ELSA-2018-0842.NASL", "EULEROS_SA-2018-1025.NASL", "CENTOS_RHSA-2018-0842.NASL", "REDHAT-RHSA-2018-0842.NASL", "EULEROS_SA-2018-1181.NASL", "AL2_ALAS-2018-1030.NASL", "SL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL"], "type": "nessus"}, {"idList": ["RHSA-2018:0842"], "type": "redhat"}, {"idList": ["ELSA-2018-0842"], "type": "oraclelinux"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "0ea9508c0a0f633bbde37c4d19a5e49053f491fdc916d84ab9d930bab53a7e4d", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "37f2f11b4131823c521e8223abdd4e70", "key": "references"}, {"hash": "93952fca99b4cc8c6e3fff6d34c67792", "key": "description"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "900a490efd6e1d04fe0780aba8408eb9", "key": "modified"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}, {"hash": "b0d37824139f6cc04601d4e75829eef1", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2019-01-16T20:31:45", "modified": "2018-11-13T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?ba8fd837"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba8fd837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 15, "lastseen": "2019-01-16T20:31:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 11, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "ac71f725571c28d4661d8cbde24aa3e488b6a21ab372d91a2826c058f3ee3449", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "e0cf19c0280a82d2093ffdbdac409b9a", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "9149a22260fc1d53e70d45431375b806", "key": "modified"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-08-30T06:08:28", "modified": "2018-08-29T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/08/29 12:45:30\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 11, "lastseen": "2018-08-30T06:08:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 13, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "ac71f725571c28d4661d8cbde24aa3e488b6a21ab372d91a2826c058f3ee3449", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "e0cf19c0280a82d2093ffdbdac409b9a", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "9149a22260fc1d53e70d45431375b806", "key": "modified"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-09-02T00:07:33", "modified": "2018-08-29T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/08/29 12:45:30\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 13, "lastseen": "2018-09-02T00:07:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 14, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "57dc3e06fe81ad09d022df3d68f5af49d577b1e9b65551604591c9cb1ce8df25", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "37f2f11b4131823c521e8223abdd4e70", "key": "references"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "900a490efd6e1d04fe0780aba8408eb9", "key": "modified"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}, {"hash": "b0d37824139f6cc04601d4e75829eef1", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-11-14T03:11:27", "modified": "2018-11-13T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?ba8fd837"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba8fd837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 14, "lastseen": "2018-11-14T03:11:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {"score": {"modified": "2018-01-19T23:12:16", "value": 3.6}}, "hash": "49c4f230cb05e72d9415b39ee295f4285d36996112395e344addb72bca6ec7a8", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cf9ce54fb147e7cacd51642f738f28d3", "key": "sourceData"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "modified"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-01-19T23:12:16", "modified": "2018-01-19T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/01/19 14:26:49 $\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n script_osvdb_id(\n 172311\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-01-19T23:12:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"modified": "2018-02-06T13:12:55", "value": 3.6}}, "hash": "a9115fed6496e979f9bf883beb8fe3a900fec66528db2c3e652715a49458d3a6", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cf9ce54fb147e7cacd51642f738f28d3", "key": "sourceData"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "modified"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-02-06T13:12:55", "modified": "2018-01-19T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/01/19 14:26:49 $\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n script_osvdb_id(\n 172311\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-02-06T13:12:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "0d03700c63926b7266f8d8526cea22a7cf1557ee895c05705b319c2049f343e5", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5299677d29a0b2004584ce465e834b3e", "key": "modified"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e67419079ae68ee0dabbdd0c83971321", "key": "sourceData"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-06-14T07:51:40", "modified": "2018-06-13T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/06/13 12:12:20\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-06-14T07:51:40"}], "edition": 16, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "641c9522d174829ea7e12b235db1ae6c"}, {"key": "cvelist", "hash": "a81f098be1c188ba4c295426f661bba7"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "cd48dab648812b7d5056e96cef7a607f"}, {"key": "href", "hash": "554754603497580ed444c19ca2f3f90c"}, {"key": "modified", "hash": "900a490efd6e1d04fe0780aba8408eb9"}, {"key": "naslFamily", "hash": "67933a273737791ab6f71e29a2605c31"}, {"key": "pluginID", "hash": "4bf555a622c5def722ea81e24c7080e6"}, {"key": "published", "hash": "8acef1c33f73aafdb7cffe84eda8c2b1"}, {"key": "references", "hash": "37f2f11b4131823c521e8223abdd4e70"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "b0d37824139f6cc04601d4e75829eef1"}, {"key": "title", "hash": "c9573c7a3031dd9ef2fc86c6a65d690d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "57dc3e06fe81ad09d022df3d68f5af49d577b1e9b65551604591c9cb1ce8df25", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-15131"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2018-0842.NASL", "REDHAT-RHSA-2018-0842.NASL", "EULEROS_SA-2018-1181.NASL", "SL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL", "CENTOS_RHSA-2018-0842.NASL", "AL2_ALAS-2018-1030.NASL", "EULEROS_SA-2018-1025.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0842"]}, {"type": "redhat", "idList": ["RHSA-2018:0842"]}, {"type": "centos", "idList": ["CESA-2018:0842"]}], "modified": "2019-02-21T01:35:48"}, "score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba8fd837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "106165", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "scheme": null}
{"cve": [{"lastseen": "2018-04-12T10:38:16", "bulletinFamily": "NVD", "description": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.", "modified": "2018-04-11T21:29:03", "published": "2018-01-09T16:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15131", "id": "CVE-2017-15131", "title": "CVE-2017-15131", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:38:59", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nAdditional Changes :", "modified": "2018-12-27T00:00:00", "id": "SL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109459", "published": "2018-05-01T00:00:00", "title": "Scientific Linux Security Update : xdg-user-dirs on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109459);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-15131\");\n\n script_name(english:\"Scientific Linux Security Update : xdg-user-dirs on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - xdg-user-dirs, gnome-session: Xsession creation of XDG\n user directories does not honor system umask policy\n (CVE-2017-15131)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1804&L=scientific-linux-errata&F=&S=&P=4401\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c10508ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected xdg-user-dirs and / or xdg-user-dirs-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-debuginfo-0.15-5.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:40:20", "bulletinFamily": "scanner", "description": "It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)", "modified": "2018-08-31T00:00:00", "id": "AL2_ALAS-2018-1030.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110447", "published": "2018-06-12T00:00:00", "title": "Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1030.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110447);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/31 12:25:00\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"ALAS\", value:\"2018-1030\");\n\n script_name(english:\"Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the system umask policy is not being honored when\ncreating XDG user directories (~/Desktop etc) on first login. This\ncould lead to user's files being inadvertently exposed to other local\nusers.(CVE-2017-15131)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update xdg-user-dirs' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xdg-user-dirs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"xdg-user-dirs-debuginfo-0.15-5.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs / xdg-user-dirs-debuginfo\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:15", "bulletinFamily": "scanner", "description": "An update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2018-0842.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108987", "published": "2018-04-11T00:00:00", "title": "RHEL 7 : xdg-user-dirs (RHSA-2018:0842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0842. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108987);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:57\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"RHSA\", value:\"2018:0842\");\n\n script_name(english:\"RHEL 7 : xdg-user-dirs (RHSA-2018:0842)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dde41582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15131\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected xdg-user-dirs and / or xdg-user-dirs-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xdg-user-dirs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0842\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"xdg-user-dirs-debuginfo-0.15-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-debuginfo-0.15-5.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs / xdg-user-dirs-debuginfo\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:40:44", "bulletinFamily": "scanner", "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-13T00:00:00", "id": "EULEROS_SA-2018-1181.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110845", "published": "2018-07-03T00:00:00", "title": "EulerOS 2.0 SP3 : xdg-user-dirs (EulerOS-SA-2018-1181)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110845);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : xdg-user-dirs (EulerOS-SA-2018-1181)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1181\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdeb7b4e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:48", "bulletinFamily": "scanner", "description": "An update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2018-0842.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109373", "published": "2018-04-27T00:00:00", "title": "CentOS 7 : xdg-user-dirs (CESA-2018:0842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0842 and \n# CentOS Errata and Security Advisory 2018:0842 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109373);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"RHSA\", value:\"2018:0842\");\n\n script_name(english:\"CentOS 7 : xdg-user-dirs (CESA-2018:0842)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-April/005215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b690c5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xdg-user-dirs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:35:48", "bulletinFamily": "scanner", "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-13T00:00:00", "id": "EULEROS_SA-2018-1025.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=106166", "published": "2018-01-19T00:00:00", "title": "EulerOS 2.0 SP2 : xdg-user-dirs (EulerOS-SA-2018-1025)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106166);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : xdg-user-dirs (EulerOS-SA-2018-1025)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1025\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdcc7f3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:21", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2018:0842 :\n\nAn update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-09-05T00:00:00", "id": "ORACLELINUX_ELSA-2018-0842.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109107", "published": "2018-04-18T00:00:00", "title": "Oracle Linux 7 : xdg-user-dirs (ELSA-2018-0842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0842 and \n# Oracle Linux Security Advisory ELSA-2018-0842 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109107);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/09/05 15:02:26\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"RHSA\", value:\"2018:0842\");\n\n script_name(english:\"Oracle Linux 7 : xdg-user-dirs (ELSA-2018-0842)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0842 :\n\nAn update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-April/007612.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xdg-user-dirs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-04-03T05:17:32", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:0842\n\n\nxdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es):\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-April/005215.html\n\n**Affected packages:**\nxdg-user-dirs\n\n**Upstream details at:**\n", "modified": "2018-04-26T17:54:11", "published": "2018-04-26T17:54:11", "id": "CESA-2018:0842", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-April/005215.html", "title": "xdg security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:13", "bulletinFamily": "unix", "description": "[0.15-5]\n- Start using autostart mechanism instead of xinitrc.d script\n Resolves: #1412762", "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "ELSA-2018-0842", "href": "http://linux.oracle.com/errata/ELSA-2018-0842.html", "title": "xdg-user-dirs security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:45:54", "bulletinFamily": "unix", "description": "xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es):\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-04-10T10:39:17", "published": "2018-04-10T09:02:19", "id": "RHSA-2018:0842", "href": "https://access.redhat.com/errata/RHSA-2018:0842", "type": "redhat", "title": "(RHSA-2018:0842) Low: xdg-user-dirs security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
