Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.FEDORA_2014-0926.NASL
HistoryFeb 03, 2014 - 12:00 a.m.

Fedora 20 : memcached-1.4.17-1.fc20 (2014-0926)

2014-02-0300:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

This is an update to the latest upstream release. It fixes several security vulnerabilities, possible crashes when the key is printed in verbose mode and crash with specially crafted packet. (CVE-2011-4971, CVE-2013-0179, CVE-2013-7291 CVE-2013-7290)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-0926.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72249);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-4971", "CVE-2013-0179", "CVE-2013-7290", "CVE-2013-7291");
  script_xref(name:"FEDORA", value:"2014-0926");

  script_name(english:"Fedora 20 : memcached-1.4.17-1.fc20 (2014-0926)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This is an update to the latest upstream release. It fixes several
security vulnerabilities, possible crashes when the key is printed in
verbose mode and crash with specially crafted packet. (CVE-2011-4971,
CVE-2013-0179, CVE-2013-7291 CVE-2013-7290)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1052863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1052864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=895054"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=957964"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127603.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e7fa9ae2"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected memcached package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:memcached");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"memcached-1.4.17-1.fc20")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "memcached");
}
VendorProductVersionCPE
fedoraprojectfedoramemcachedp-cpe:/a:fedoraproject:fedora:memcached
fedoraprojectfedora20cpe:/o:fedoraproject:fedora:20

Related

openvas 11
fedora 2
nessus 12
debiancve 4
ubuntucve 4
prion 5
cve 5
gentoo 1
securityvulns 5
mageia 2
ibm 2
suse 2
osv 2
debian 3
ubuntu 1
openvas
openvas
Fedora Update for memcached FEDORA-2014-0926
2014-02-03 00:00:00
Fedora Update for memcached FEDORA-2014-0934
2014-02-03 00:00:00
Fedora Update for memcached FEDORA-2014-0934
2014-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: memcached-1.4.17-1.fc20
2014-02-03 02:42:54
[SECURITY] Fedora 19 Update: memcached-1.4.17-1.fc19
2014-02-03 02:49:19
nessus
nessus
Fedora 19 : memcached-1.4.17-1.fc19 (2014-0934)
2014-02-03 00:00:00
openSUSE Security Update : memcached (openSUSE-SU-2014:0867-1)
2014-07-04 00:00:00
GLSA-201406-13 : memcached: Multiple vulnerabilities
2014-06-16 00:00:00
debiancve
debiancve
CVE-2013-7291
2014-01-13 21:55:00
CVE-2013-7290
2014-01-13 21:55:00
CVE-2011-4971
2013-12-12 18:55:00
ubuntucve
ubuntucve
CVE-2013-7291
2013-01-15 00:00:00
CVE-2013-0179
2013-01-15 00:00:00
CVE-2013-7290
2013-01-15 00:00:00
prion
prion
Design/Logic Flaw
2014-01-13 21:55:00
Design/Logic Flaw
2014-01-13 21:55:00
Integer overflow
2013-12-12 18:55:00
cve
cve
CVE-2013-7291
2014-01-13 21:55:00
CVE-2013-7290
2014-01-13 21:55:00
CVE-2011-4971
2013-12-12 18:55:00
gentoo
gentoo
memcached: Multiple vulnerabilities
2014-06-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:010 ] memcached
2014-01-29 00:00:00
memcached multiple security vulnerabilities
2014-01-29 00:00:00
[SECURITY] [DSA 2832-1] memcached security update
2014-01-08 00:00:00
mageia
mageia
Updated memcached package fixes multiple security vulnerabilities
2014-01-21 20:14:47
Updated memcached packages fix CVE-2011-4971
2013-11-22 22:40:36
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PHP and memcached libraries affect IBM Tealeaf Customer Experience
2018-06-16 20:03:30
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
2018-06-16 20:01:05
suse
suse
Security update for memcached (important)
2018-03-26 15:09:40
Security update for memcached (important)
2018-03-22 17:27:53
osv
osv
memcached - several
2014-01-01 00:00:00
memcached - security update
2016-11-05 00:00:00
debian
debian
[SECURITY] [DSA 2832-1] memcached security update
2014-01-01 11:17:45
[SECURITY] [DSA 2832-1] memcached security update
2014-01-01 11:17:45
[SECURITY] [DLA 701-1] memcached security update
2016-11-05 14:57:27
ubuntu
ubuntu
Memcached vulnerabilities
2014-01-13 00:00:00
JSON
Related for FEDORA_2014-0926.NASL
openvas11fedora2nessus12debiancve4ubuntucve4prion5cve5gentoo1securityvulns5mageia2ibm2suse2osv2debian3ubuntu1