ID EULEROS_SA-2018-1024.NASL Type nessus Reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
According to the version of the xdg-user-dirs package installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
It was found that the system umask policy is not being
honored when creating XDG user directories (~/Desktop
etc) on first login. This could lead to user's files
being inadvertently exposed to other local
users.(CVE-2017-15131)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
  # Registration pass: declare the plugin's metadata, then stop. Nothing in
  # this branch inspects the target host.

  # Plugin identity and revision.
  script_id(106165);
  script_version("3.9");
  script_cvs_date("Date: 2018/11/13 12:30:47");

  # The single CVE covered by this advisory.
  script_cve_id("CVE-2017-15131");

  script_name(english:"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote EulerOS host is missing a security update.");

  # The line breaks inside the next literal are part of the reported text,
  # so the continuation lines are kept exactly as they are.
  script_set_attribute(attribute:"description", value:"According to the version of the xdg-user-dirs package installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- It was found that the system umask policy is not being
honored when creating XDG user directories (~/Desktop
etc) on first login. This could lead to user's files
being inadvertently exposed to other local
users.(CVE-2017-15131)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");

  # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba8fd837");
  script_set_attribute(attribute:"solution", value:"Update the affected xdg-user-dirs package.");

  # Risk scoring (CVSS v2 and v3 base vectors with their temporal vectors).
  # NOTE(review): the description above speaks only of files being exposed to
  # other local users, yet both base vectors also rate integrity and
  # availability impact. Presumably inherited from the upstream CVE scoring;
  # confirm before relying on these for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  # Dates, plugin type and the CPE names of the affected package and platform.
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/17");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xdg-user-dirs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin is registered as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: ssh_get_info.nasl is declared as a prerequisite
  # (presumably the script that fills in the Host/* knowledge-base keys), the
  # four listed keys are required, and the UVP version key is excluded.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Each failed gate hands control to audit() with the
# matching reason code instead of producing a finding.

# Credentialed local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The target has to identify itself as EulerOS, and specifically release 2.0.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
{
  audit(AUDIT_OS_NOT, "EulerOS");
}
if (release !~ "^EulerOS release 2\.0(\D|$)")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0");
}

# Only service pack 1 is in scope for this advisory.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
}

# Hosts that report a UVP version are treated as a different platform.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
}

# Without a collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# The check is implemented for x86_64 and i386..i686 only.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
}

# Package comparison: count every reference build that rpm_check() flags.
# NOTE(review): this is a package-version check only. Nothing here looks at the
# modes of XDG directories that already exist in users' home directories;
# presumably those need a separate permission audit where the older package
# was in place at first login. Confirm against the vendor advisory.
missing_fix_count = 0;
fixed_pkgs = ["xdg-user-dirs-0.15-4.h1"];

foreach (fixed_pkg in fixed_pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:fixed_pkg))
  {
    missing_fix_count++;
  }
}

# Report when at least one reference was flagged, attaching the rpm report as
# the finding's extra text.
if (missing_fix_count)
{
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:rpm_report_get());
  exit(0);
}

# Nothing flagged: distinguish "package examined and not affected" from
# "package not installed" using the list of tests that were performed.
tested_pkgs = pkg_tests_get();
if (tested_pkgs)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested_pkgs);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdg-user-dirs");
}
{"id": "EULEROS_SA-2018-1024.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "description": "According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user", "published": "2018-01-19T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/106165", "reporter": "This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?ba8fd837"], "cvelist": ["CVE-2017-15131"], "type": "nessus", "lastseen": "2019-11-01T02:04:23", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "description": "According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. 
This could lead to user", "edition": 17, "enchantments": {"dependencies": {"modified": "2019-10-28T19:50:33", "references": [{"idList": ["ORACLELINUX_ELSA-2018-0842.NASL", "EULEROS_SA-2018-1025.NASL", "CENTOS_RHSA-2018-0842.NASL", "REDHAT-RHSA-2018-0842.NASL", "EULEROS_SA-2018-1181.NASL", "AL2_ALAS-2018-1030.NASL", "SL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL", "NEWSTART_CGSL_NS-SA-2019-0026_XDG-USER-DIRS.NASL"], "type": "nessus"}, {"idList": ["CESA-2018:0842"], "type": "centos"}, {"idList": ["CVE-2017-15131"], "type": "cve"}, {"idList": ["RHSA-2018:0842"], "type": "redhat"}, {"idList": ["ELSA-2018-0842"], "type": "oraclelinux"}]}, "score": {"modified": "2019-10-28T19:50:33", "value": 4.6, "vector": "NONE"}}, "hash": "10e4373e6a5c6e811e28a9b65a53a565444b552316d83a25678392dea422b22b", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "205fa18cac3fc8ebbd32824afb096581", "key": "reporter"}, {"hash": "37f2f11b4131823c521e8223abdd4e70", "key": "references"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "3df96d201f7fb87314590c8357cc2857", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "c1cb4e80655b4077982b87562226e10f", "key": "href"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}, {"hash": "b0d37824139f6cc04601d4e75829eef1", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2019-10-28T19:50:33", "modified": "2019-10-02T00:00:00", "naslFamily": "Huawei Local Security Checks", 
"objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?ba8fd837"], "reporter": "This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba8fd837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 17, "lastseen": "2019-10-28T19:50:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], 
"cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 14, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "57dc3e06fe81ad09d022df3d68f5af49d577b1e9b65551604591c9cb1ce8df25", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "37f2f11b4131823c521e8223abdd4e70", "key": "references"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "900a490efd6e1d04fe0780aba8408eb9", "key": "modified"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}, {"hash": "b0d37824139f6cc04601d4e75829eef1", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": 
"EULEROS_SA-2018-1024.NASL", "lastseen": "2018-11-14T03:11:27", "modified": "2018-11-13T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?ba8fd837"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba8fd837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 14, "lastseen": "2018-11-14T03:11:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": 
["CVE-2017-15131"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {"score": {"modified": "2018-01-19T23:12:16", "value": 3.6}}, "hash": "49c4f230cb05e72d9415b39ee295f4285d36996112395e344addb72bca6ec7a8", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cf9ce54fb147e7cacd51642f738f28d3", "key": "sourceData"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "modified"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", 
"lastseen": "2018-01-19T23:12:16", "modified": "2018-01-19T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/01/19 14:26:49 $\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n script_osvdb_id(\n 172311\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = 
get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-01-19T23:12:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"modified": "2018-02-06T13:12:55", "value": 3.6}}, "hash": "a9115fed6496e979f9bf883beb8fe3a900fec66528db2c3e652715a49458d3a6", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cf9ce54fb147e7cacd51642f738f28d3", "key": "sourceData"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "modified"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", "id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-02-06T13:12:55", "modified": "2018-01-19T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/01/19 14:26:49 $\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n script_osvdb_id(\n 172311\n );\n\n 
script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-02-06T13:12:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], 
"cvelist": ["CVE-2017-15131"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "0d03700c63926b7266f8d8526cea22a7cf1557ee895c05705b319c2049f343e5", "hashmap": [{"hash": "a81f098be1c188ba4c295426f661bba7", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5299677d29a0b2004584ce465e834b3e", "key": "modified"}, {"hash": "c9573c7a3031dd9ef2fc86c6a65d690d", "key": "title"}, {"hash": "8acef1c33f73aafdb7cffe84eda8c2b1", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e67419079ae68ee0dabbdd0c83971321", "key": "sourceData"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cd48dab648812b7d5056e96cef7a607f", "key": "description"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "554754603497580ed444c19ca2f3f90c", "key": "href"}, {"hash": "839423d5d809969e303f401e6888f62f", "key": "references"}, {"hash": "641c9522d174829ea7e12b235db1ae6c", "key": "cpe"}, {"hash": "4bf555a622c5def722ea81e24c7080e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106165", 
"id": "EULEROS_SA-2018-1024.NASL", "lastseen": "2018-06-14T07:51:40", "modified": "2018-06-13T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "106165", "published": "2018-01-19T00:00:00", "references": ["http://www.nessus.org/u?0ff27e1c"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/06/13 12:12:20\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff27e1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "title": "EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-06-14T07:51:40"}], "edition": 18, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "641c9522d174829ea7e12b235db1ae6c"}, {"key": "cvelist", "hash": "a81f098be1c188ba4c295426f661bba7"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "description", "hash": "3df96d201f7fb87314590c8357cc2857"}, {"key": "href", "hash": "c1cb4e80655b4077982b87562226e10f"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "67933a273737791ab6f71e29a2605c31"}, {"key": "pluginID", "hash": "4bf555a622c5def722ea81e24c7080e6"}, {"key": "published", "hash": "8acef1c33f73aafdb7cffe84eda8c2b1"}, {"key": "references", "hash": "37f2f11b4131823c521e8223abdd4e70"}, {"key": "reporter", "hash": "205fa18cac3fc8ebbd32824afb096581"}, {"key": "sourceData", "hash": "b0d37824139f6cc04601d4e75829eef1"}, {"key": "title", "hash": "c9573c7a3031dd9ef2fc86c6a65d690d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1c35aa2c6c8fa019b8feb12d8a8b14dc17a61b7c40613248b19ad606507d38d1", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": 
["CVE-2017-15131"]}, {"type": "nessus", "idList": ["SL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL", "AL2_ALAS-2018-1030.NASL", "NEWSTART_CGSL_NS-SA-2019-0026_XDG-USER-DIRS.NASL", "EULEROS_SA-2018-1181.NASL", "CENTOS_RHSA-2018-0842.NASL", "ORACLELINUX_ELSA-2018-0842.NASL", "REDHAT-RHSA-2018-0842.NASL", "EULEROS_SA-2018-1025.NASL"]}, {"type": "centos", "idList": ["CESA-2018:0842"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0842"]}, {"type": "redhat", "idList": ["RHSA-2018:0842"]}], "modified": "2019-11-01T02:04:23"}, "score": {"value": 4.6, "vector": "NONE", "modified": "2019-11-01T02:04:23"}, "vulnersScore": 4.6}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106165);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba8fd837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "106165", "cpe": ["p-cpe:/a:huawei:euleros:xdg-user-dirs", "cpe:/o:huawei:euleros:2.0"], "scheme": null}
{"cve": [{"lastseen": "2019-11-05T13:22:34", "bulletinFamily": "NVD", "description": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-15131", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15131", "published": "2018-01-09T21:29:00", "title": "CVE-2017-15131", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:0842\n\n\nxdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es):\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-April/005215.html\n\n**Affected packages:**\nxdg-user-dirs\n\n**Upstream details at:**\n", "modified": "2018-04-26T17:54:11", "published": "2018-04-26T17:54:11", "id": "CESA-2018:0842", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-April/005215.html", "title": "xdg security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-03T12:13:58", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - 
xdg-user-dirs, gnome-session: Xsession creation of XDG\n user directories does not honor system umask policy\n (CVE-2017-15131)\n\nAdditional Changes :", "modified": "2019-11-02T00:00:00", "id": "SL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/109459", "published": "2018-05-01T00:00:00", "title": "Scientific Linux Security Update : xdg-user-dirs on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109459);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-15131\");\n\n script_name(english:\"Scientific Linux Security Update : xdg-user-dirs on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - xdg-user-dirs, gnome-session: Xsession creation of XDG\n user directories does not honor system umask policy\n (CVE-2017-15131)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1804&L=scientific-linux-errata&F=&S=&P=4401\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c10508ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected xdg-user-dirs and / or xdg-user-dirs-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-debuginfo-0.15-5.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:57:48", "bulletinFamily": "scanner", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xdg-user-dirs packages installed that are\naffected by a vulnerability:\n\n - It was found that the system umask policy is not being\n honored when 
creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local users.\n (CVE-2017-15131)", "modified": "2019-11-02T00:00:00", "id": "NEWSTART_CGSL_NS-SA-2019-0026_XDG-USER-DIRS.NASL", "href": "https://www.tenable.com/plugins/nessus/127188", "published": "2019-08-12T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : xdg-user-dirs Vulnerability (NS-SA-2019-0026)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0026. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127188);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/18 23:14:15\");\n\n script_cve_id(\"CVE-2017-15131\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : xdg-user-dirs Vulnerability (NS-SA-2019-0026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xdg-user-dirs packages installed that are\naffected by a vulnerability:\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local users.\n (CVE-2017-15131)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL xdg-user-dirs packages. Note that updated packages may not be available yet. 
Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15131\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"xdg-user-dirs-0.15-5.el7\",\n \"xdg-user-dirs-debuginfo-0.15-5.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"xdg-user-dirs-0.15-5.el7\",\n \"xdg-user-dirs-debuginfo-0.15-5.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:13:17", "bulletinFamily": "scanner", "description": "It was found that the system umask policy is not being honored when\ncreating XDG user directories (~/Desktop etc) on first login. 
This\ncould lead to user's files being inadvertently exposed to other local\nusers.(CVE-2017-15131)", "modified": "2019-11-02T00:00:00", "id": "AL2_ALAS-2018-1030.NASL", "href": "https://www.tenable.com/plugins/nessus/110447", "published": "2018-06-12T00:00:00", "title": "Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1030.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110447);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/31 12:25:00\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"ALAS\", value:\"2018-1030\");\n\n script_name(english:\"Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the system umask policy is not being honored when\ncreating XDG user directories (~/Desktop etc) on first login. 
This\ncould lead to user's files being inadvertently exposed to other local\nusers.(CVE-2017-15131)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update xdg-user-dirs' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xdg-user-dirs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"xdg-user-dirs-debuginfo-0.15-5.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs / xdg-user-dirs-debuginfo\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:04:24", "bulletinFamily": "scanner", "description": "According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. 
This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2018-1025.NASL", "href": "https://www.tenable.com/plugins/nessus/106166", "published": "2018-01-19T00:00:00", "title": "EulerOS 2.0 SP2 : xdg-user-dirs (EulerOS-SA-2018-1025)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106166);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : xdg-user-dirs (EulerOS-SA-2018-1025)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1025\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdcc7f3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:23:11", "bulletinFamily": "scanner", "description": "An update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2018-0842.NASL", "href": "https://www.tenable.com/plugins/nessus/108987", "published": "2018-04-11T00:00:00", "title": "RHEL 7 : xdg-user-dirs (RHSA-2018:0842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0842. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108987);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"RHSA\", value:\"2018:0842\");\n\n script_name(english:\"RHEL 7 : xdg-user-dirs (RHSA-2018:0842)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dde41582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2017-15131\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected xdg-user-dirs and / or xdg-user-dirs-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xdg-user-dirs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0842\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"xdg-user-dirs-debuginfo-0.15-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-debuginfo-0.15-5.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs / xdg-user-dirs-debuginfo\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:16:19", "bulletinFamily": "scanner", "description": "An update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2018-0842.NASL", "href": "https://www.tenable.com/plugins/nessus/109373", "published": "2018-04-27T00:00:00", "title": "CentOS 7 : xdg-user-dirs (CESA-2018:0842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0842 and \n# CentOS Errata and Security Advisory 2018:0842 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109373);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/02 15:30:21\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"RHSA\", value:\"2018:0842\");\n\n script_name(english:\"CentOS 7 : xdg-user-dirs (CESA-2018:0842)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-April/005215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b690c5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xdg-user-dirs package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:04:48", "bulletinFamily": "scanner", "description": "According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. 
This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2018-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/110845", "published": "2018-07-03T00:00:00", "title": "EulerOS 2.0 SP3 : xdg-user-dirs (EulerOS-SA-2018-1181)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110845);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/06/28 11:31:58\");\n\n script_cve_id(\n \"CVE-2017-15131\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : xdg-user-dirs (EulerOS-SA-2018-1181)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the xdg-user-dirs package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - It was found that the system umask policy is not being\n honored when creating XDG user directories (~/Desktop\n etc) on first login. This could lead to user's files\n being inadvertently exposed to other local\n users.(CVE-2017-15131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1181\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb1b436f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xdg-user-dirs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"xdg-user-dirs-0.15-5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:15:33", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2018:0842 :\n\nAn update for xdg-user-dirs is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a 
security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2018-0842.NASL", "href": "https://www.tenable.com/plugins/nessus/109107", "published": "2018-04-18T00:00:00", "title": "Oracle Linux 7 : xdg-user-dirs (ELSA-2018-0842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0842 and \n# Oracle Linux Security Advisory ELSA-2018-0842 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109107);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-15131\");\n script_xref(name:\"RHSA\", value:\"2018:0842\");\n\n script_name(english:\"Oracle Linux 7 : xdg-user-dirs (ELSA-2018-0842)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0842 :\n\nAn update for xdg-user-dirs is 
now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nxdg-user-dirs is a tool to create and configure default desktop user\ndirectories such as the Music and the Desktop directories.\n\nSecurity Fix(es) :\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user\ndirectories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-April/007612.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xdg-user-dirs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xdg-user-dirs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xdg-user-dirs-0.15-5.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdg-user-dirs\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "unix", "description": "[0.15-5]\n- Start using autostart mechanism instead of xinitrc.d script\n Resolves: #1412762", "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "ELSA-2018-0842", "href": "http://linux.oracle.com/errata/ELSA-2018-0842.html", "title": "xdg-user-dirs security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "description": "xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.\n\nSecurity Fix(es):\n\n* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor 
detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-04-10T10:39:17", "published": "2018-04-10T09:02:19", "id": "RHSA-2018:0842", "href": "https://access.redhat.com/errata/RHSA-2018:0842", "type": "redhat", "title": "(RHSA-2018:0842) Low: xdg-user-dirs security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}