Lucene search
This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.FEDORA_2008-4274.NASLHistoryMay 22, 2008 - 12:00 a.m.
Fedora 7 : gnutls-1.6.3-3.fc7 (2008-4274)
2008-05-2200:00:00
This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.
www.tenable.com
9
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.084 Low
EPSS
Percentile
94.5%
Fixes critical security issue GNUTLS-SA-2008-1 described here:
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html All applications and system services which utilize gnutls library must be restarted for the updates to take effect.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-4274.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(32414);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2008-1948", "CVE-2008-1949", "CVE-2008-1950");
script_bugtraq_id(29292);
script_xref(name:"FEDORA", value:"2008-4274");
script_name(english:"Fedora 7 : gnutls-1.6.3-3.fc7 (2008-4274)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Fixes critical security issue GNUTLS-SA-2008-1 described here:
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
All applications and system services which utilize gnutls library must
be restarted for the updates to take effect.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=447461"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=447462"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=447463"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010267.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?bcea6a3d"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected gnutls package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(189, 287);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC7", reference:"gnutls-1.6.3-3.fc7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | gnutls | p-cpe:/a:fedoraproject:fedora:gnutls |
| fedoraproject | fedora | 7 | cpe:/o:fedoraproject:fedora:7 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
www.nessus.org/u?bcea6a3d
bugzilla.redhat.com/show_bug.cgi?id=447461
bugzilla.redhat.com/show_bug.cgi?id=447462
bugzilla.redhat.com/show_bug.cgi?id=447463
Related
nessus
nessus
RHEL 4 : gnutls (RHSA-2008:0492)
2008-05-22 00:00:00
SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 5601)
2008-09-16 00:00:00
SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 5543)
2009-09-24 00:00:00
openvas
openvas
RedHat Update for gnutls RHSA-2008:0489-01
2009-03-06 00:00:00
GnuTLS < 2.2.5 Vulnerability - Linux
2008-09-06 00:00:00
Gentoo Security Advisory GLSA 200805-20 (gnutls)
2008-09-24 00:00:00
slackware
slackware
[slackware-security] gnutls
2008-06-28 22:44:13
ubuntu
ubuntu
GnuTLS vulnerabilities
2008-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: gnutls-1.6.3-3.fc8
2008-05-21 10:57:21
[SECURITY] Fedora 9 Update: gnutls-2.0.4-3.fc9
2008-05-21 11:05:37
[SECURITY] Fedora 7 Update: gnutls-1.6.3-3.fc7
2008-05-21 11:08:14
suse
suse
remote code execution in gnutls
2008-09-17 16:33:28
gentoo
gentoo
GnuTLS: Execution of arbitrary code
2008-05-21 00:00:00
centos
centos
gnutls security update
2008-05-21 20:30:15
gnutls security update
2008-05-22 13:49:09
oraclelinux
oraclelinux
gnutls security update
2008-05-20 00:00:00
gnutls security update
2008-05-20 00:00:00
redhat
redhat
(RHSA-2008:0492) Important: gnutls security update
2008-05-20 00:00:00
(RHSA-2008:0489) Critical: gnutls security update
2008-05-20 00:00:00
debian
debian
[SECURITY] [DSA 1581-1] New gnutls13 packages fix potential code execution
2008-05-20 16:37:41
osv
osv
gnutls13 - potential code execution
2008-05-20 00:00:00
seebug
seebug
GnuTLSε ζΊ’εΊεζη»ζε‘ζΌζ΄
2008-05-22 00:00:00
prion
prion
Design/Logic Flaw
2008-05-21 13:24:00
Buffer overflow
2008-05-21 13:24:00
Integer overflow
2008-05-21 13:24:00
ubuntucve
ubuntucve
cert
cert
GnuTLS Client Hello repeat Denial of Service
2008-05-29 00:00:00
GnuTLS Server Name extension Denial of Service
2008-05-29 00:00:00
GnuTLS Pad Length Denial of Service
2008-05-30 00:00:00
cvelist
cvelist
nvd
nvd
cve
cve
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.084 Low
EPSS
Percentile
94.5%
Related for FEDORA_2008-4274.NASL