Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)

2011-07-13T00:00:00
ID FEDORA_2011-8072.NASL
Type nessus
Reporter This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
Modified 2011-07-13T00:00:00

Description

This update fixes a buffer overflow that could allow for remote arbitrary code execution by a torque service. Credit to Bartlomiej Balcerek - CVE-2011-2193.

Warning: Packages previous to torque-3.0.1-4.fc15 within Fedora 15 contained the empty file /var/lib/torque/server_priv/nodes . This file is a listing of the nodes within your torque cluster and as such it should survive intact with upgrades. This file has now been removed from the package with torque-3.0.1-4.fc15 but it is essential that you backup and restore this file before and then after installing torque-3.0.1-4.fc15.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-8072.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55578);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-2193");
  script_bugtraq_id(48374);
  script_xref(name:"FEDORA", value:"2011-8072");

  script_name(english:"Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes a buffer overflow that could allow for remote
arbitrary code execution by a torque service. Credit to Bartlomiej
Balcerek - CVE-2011-2193.

Warning: Packages previous to torque-3.0.1-4.fc15 within Fedora 15
contained the empty file /var/lib/torque/server_priv/nodes . This file
is a listing of the nodes within your torque cluster and as such it
should survive intact with upgrades. This file has now been removed
from the package with torque-3.0.1-4.fc15 but it is essential that you
backup and restore this file before and then after installing
torque-3.0.1-4.fc15.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=711463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=713996"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=716659"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?05f7ad3c"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected torque package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:torque");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC15", reference:"torque-3.0.1-4.fc15")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "torque");
}