Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2013-18202.NASLHistoryOct 13, 2013 - 12:00 a.m.
Fedora 20 : glpi-0.84.2-1.fc20 (2013-18202)
2013-10-1300:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
New major version of GLPI.
Upstream announcements :
-
GLPI 0.84 http://www.glpi-project.org/spip.php?page=annonce&id_bre ve=304&lang=en
-
GLPI 0.84.1 http://www.glpi-project.org/spip.php?page=annonce&id_b reve=306&lang=en
-
GLPI 0.84.2 http://www.glpi-project.org/spip.php?page=annonce&id_b reve=308&lang=en
-
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-18202.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(70404);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2013-5696");
script_bugtraq_id(62515);
script_xref(name:"FEDORA", value:"2013-18202");
script_name(english:"Fedora 20 : glpi-0.84.2-1.fc20 (2013-18202)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"New major version of GLPI.
Upstream announcements :
- GLPI 0.84
http://www.glpi-project.org/spip.php?page=annonce&id_bre
ve=304&lang=en
- GLPI 0.84.1
http://www.glpi-project.org/spip.php?page=annonce&id_b
reve=306&lang=en
- GLPI 0.84.2
http://www.glpi-project.org/spip.php?page=annonce&id_b
reve=308&lang=en
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# http://www.glpi-project.org/spip.php?page=annonce&id_breve=304&lang=en
script_set_attribute(
attribute:"see_also",
value:"http://glpi-project.org/spip.php?page=annonce&id_breve=304&lang=en"
);
# http://www.glpi-project.org/spip.php?page=annonce&id_breve=306&lang=en
script_set_attribute(
attribute:"see_also",
value:"http://glpi-project.org/spip.php?page=annonce&id_breve=306&lang=en"
);
# http://www.glpi-project.org/spip.php?page=annonce&id_breve=308&lang=en
script_set_attribute(
attribute:"see_also",
value:"http://glpi-project.org/spip.php?page=annonce&id_breve=308&lang=en"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1010827"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2013-October/118925.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?34b45a24"
);
script_set_attribute(attribute:"solution", value:"Update the affected glpi package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"GLPI 0.84.1 RCE");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'GLPI install.php Remote Command Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glpi");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/22");
script_set_attribute(attribute:"patch_publication_date", value:"2013/10/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC20", reference:"glpi-0.84.2-1.fc20")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glpi");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | glpi | p-cpe:/a:fedoraproject:fedora:glpi |
| fedoraproject | fedora | 20 | cpe:/o:fedoraproject:fedora:20 |
References
Related
checkpoint_advisories
checkpoint_advisories
GLPI install.php Remote Command Execution (CVE-2013-5696)
2013-12-29 00:00:00
packetstorm
packetstorm
GLPI 0.84.1 Access Control / Code Injection
2013-10-02 00:00:00
GLPI install.php Remote Command Execution
2013-09-20 00:00:00
securityvulns
securityvulns
Remote Code Execution in GLPI
2013-10-02 00:00:00
ubuntucve
ubuntucve
CVE-2013-5696
2013-09-23 00:00:00
exploitpack
exploitpack
GLPI 0.84.1 - Multiple Vulnerabilities
2013-10-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package glpi version 0.84.2-alt1
2013-09-20 00:00:00
Security fix for the ALT Linux 10 package glpi version 0.84.2-alt1
2013-09-20 00:00:00
zdt
zdt
GLPI install.php Remote Command Execution Vulnerability
2013-09-21 00:00:00
GLPI 0.84.1 - Multiple Vulnerabilities
2013-10-02 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: glpi-0.84.2-1.fc20
2013-10-12 04:30:38
dsquare
dsquare
GLPI 0.84.1 RCE
2013-10-04 00:00:00
htbridge
htbridge
Remote Code Execution in GLPI
2013-09-11 00:00:00
metasploit
metasploit
GLPI install.php Remote Command Execution
2013-09-20 08:45:10
cvelist
cvelist
CVE-2013-5696
2022-10-03 16:14:54
cve
cve
CVE-2013-5696
2013-09-23 03:49:00
prion
prion
Cross site request forgery (csrf)
2013-09-23 03:49:00
seebug
seebug
GLPI install.php Remote Command Execution
2014-07-01 00:00:00
exploitdb
exploitdb
GLPI 0.84.1 - Multiple Vulnerabilities
2013-10-02 00:00:00
GLPI - 'install.php' Remote Command Execution (Metasploit)
2013-09-23 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)
2013-09-26 00:00:00
mageia
mageia
Updated glpi package fixes security vulnerabilities
2013-09-20 09:36:48
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0288)
2022-01-28 00:00:00
Related for FEDORA_2013-18202.NASL