Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL15156.NASLHistoryOct 10, 2014 - 12:00 a.m.
F5 Networks BIG-IP : OpenSSH vulnerability (SOL15156)
2014-10-1000:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
(CVE-2009-2904)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL15156.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(78162);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");
script_cve_id("CVE-2009-2904");
script_bugtraq_id(36552);
script_name(english:"F5 Networks BIG-IP : OpenSSH vulnerability (SOL15156)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"A certain Red Hat modification to the ChrootDirectory feature in
OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise
Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges
via hard links to setuid programs that use configuration files within
the chroot directory, related to requirements for directory ownership.
(CVE-2009-2904)"
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K15156"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL15156."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(16);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/01");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "SOL15156";
vmatrix = make_array();
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["ASM"]["unaffected"] = make_list("11.0.0-11.5.1","10.1.0-10.2.4");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["GTM"]["unaffected"] = make_list("11.0.0-11.5.1","10.1.0-10.2.4");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["LC"]["unaffected"] = make_list("11.0.0-11.5.1","10.1.0-10.2.4");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["LTM"]["unaffected"] = make_list("11.0.0-11.5.1","10.1.0-10.2.4");
# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["PSM"]["unaffected"] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["WAM"]["unaffected"] = make_list("11.0.0-11.3.0","10.1.0-10.2.4");
# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected" ] = make_list("10.0.0-10.0.1");
vmatrix["WOM"]["unaffected"] = make_list("11.0.0-11.3.0","10.1.0-10.2.4");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
| f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
| f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
| f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
| f5 | big-ip_wan_optimization_manager | cpe:/a:f5:big-ip_wan_optimization_manager | |
| f5 | big-ip_webaccelerator | cpe:/a:f5:big-ip_webaccelerator | |
| f5 | big-ip | cpe:/h:f5:big-ip | |
| f5 | big-ip_protocol_security_manager | cpe:/h:f5:big-ip_protocol_security_manager |
Related
nessus
nessus
Scientific Linux Security Update : openssh on SL5.x i386/x86_64
2012-08-01 00:00:00
Red Hat Enterprise Linux OpenSSH ChrootDirectory Local Privilege Escalation
2011-11-18 00:00:00
Fedora 11 : openssh-5.2p1-6.fc11 (2010-5429)
2010-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: openssh-5.2p1-6.fc11
2010-03-30 02:17:47
f5
f5
K15156 : OpenSSH vulnerability CVE-2009-2904
2014-04-24 00:00:00
SOL15156 - OpenSSH vulnerability CVE-2009-2904
2014-04-10 00:00:00
openvas
openvas
CentOS Update for openssh CESA-2009:1470 centos5 i386
2011-08-09 00:00:00
RedHat Security Advisory RHSA-2009:1470
2009-10-06 00:00:00
CentOS Update for openssh CESA-2009:1470 centos5 i386
2011-08-09 00:00:00
cve
cve
CVE-2009-2904
2009-10-01 15:30:00
prion
prion
Design/Logic Flaw
2009-10-01 15:30:00
veracode
veracode
Privilege Escalation
2020-04-10 00:37:23
cvelist
cvelist
CVE-2009-2904
2009-10-01 15:00:00
ubuntucve
ubuntucve
CVE-2009-2904
2009-10-01 00:00:00
centos
centos
openssh security update
2009-10-30 14:43:57
redhat
redhat
(RHSA-2009:1470) Moderate: openssh security update
2009-09-30 00:00:00
oraclelinux
oraclelinux
openssh security update
2009-09-30 00:00:00
debiancve
debiancve
CVE-2009-2904
2009-10-01 15:30:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
Related for F5_BIGIP_SOL15156.NASL