Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2008-8905.NASL
HistoryOct 16, 2008 - 12:00 a.m.

Fedora 8 : drupal-5.11-1.fc8 (2008-8905)

2008-10-1600:00:00
This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON

Update to 5.11, security fixes: SA-2008-047 (http://drupal.org/node/318706)

  • File upload access bypass (file disclosure) - Access rules bypass - BlogAPI access bypass - Node validation bypass Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2008-8905.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(34427);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2008-3661");
  script_bugtraq_id(31285, 31662);
  script_xref(name:"FEDORA", value:"2008-8905");

  script_name(english:"Fedora 8 : drupal-5.11-1.fc8 (2008-8905)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to 5.11, security fixes: SA-2008-047
(http://drupal.org/node/318706)

  - File upload access bypass (file disclosure) - Access
    rules bypass - BlogAPI access bypass - Node validation
    bypass Remember to log in to your site as the admin user
    before upgrading this package. After upgrading the
    package, browse to http://host/drupal/update.php to run
    the upgrade script.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://drupal.org/node/318706"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=464162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=466741"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015390.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e35de17c"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected drupal package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:drupal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"drupal-5.11-1.fc8")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "drupal");
}
VendorProductVersionCPE
fedoraprojectfedoradrupalp-cpe:/a:fedoraproject:fedora:drupal
fedoraprojectfedora8cpe:/o:fedoraproject:fedora:8

Related

openvas 20
fedora 10
securityvulns 2
cve 1
prion 1
cvelist 1
nvd 1
nessus 1
ubuntucve 1
openvas
openvas
Fedora Core 9 FEDORA-2009-4203 (drupal)
2009-05-05 00:00:00
Fedora Update for drupal FEDORA-2008-8852
2009-02-17 00:00:00
Fedora Core 9 FEDORA-2009-4203 (drupal)
2009-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: drupal-6.5-1.fc9
2008-10-16 02:09:24
[SECURITY] Fedora 8 Update: drupal-5.13-1.fc8
2008-12-13 14:55:09
[SECURITY] Fedora 9 Update: drupal-6.11-1.fc9
2009-05-02 16:40:42
securityvulns
securityvulns
drupal: Session hijacking vulnerability, CVE-2008-3661
2008-09-24 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-09-24 00:00:00
cve
cve
CVE-2008-3661
2008-09-23 15:25:42
prion
prion
Design/Logic Flaw
2008-09-23 15:25:00
cvelist
cvelist
CVE-2008-3661
2008-09-23 15:00:00
nvd
nvd
CVE-2008-3661
2008-09-23 15:25:42
nessus
nessus
Fedora 9 : drupal-6.5-1.fc9 (2008-8852)
2008-10-16 00:00:00
ubuntucve
ubuntucve
CVE-2008-3661
2008-09-23 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON
Related for FEDORA_2008-8905.NASL
openvas20fedora10securityvulns2cve1prion1cvelist1nvd1nessus1ubuntucve1