Security update to new File version 5.19 fixing 8 CVEs found in previous two months.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-7992.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(76377);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2012-1571", "CVE-2013-7345", "CVE-2014-0207", "CVE-2014-0237", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538");
script_bugtraq_id(52225, 66406, 67759, 68120, 68238, 68239, 68241, 68243, 68348);
script_xref(name:"FEDORA", value:"2014-7992");
script_name(english:"Fedora 20 : file-5.19-1.fc20 (2014-7992)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Security update to new File version 5.19 fixing 8 CVEs found in
previous two months.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1091842"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1098193"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1104858"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1104863"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1104869"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1107544"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=805197"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135082.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?9764a3fc"
);
script_set_attribute(attribute:"solution", value:"Update the affected file package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:file");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC20", reference:"file-5.19-1.fc20")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | file | p-cpe:/a:fedoraproject:fedora:file |
fedoraproject | fedora | 20 | cpe:/o:fedoraproject:fedora:20 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
www.nessus.org/u?9764a3fc
bugzilla.redhat.com/show_bug.cgi?id=1091842
bugzilla.redhat.com/show_bug.cgi?id=1098193
bugzilla.redhat.com/show_bug.cgi?id=1098222
bugzilla.redhat.com/show_bug.cgi?id=1104858
bugzilla.redhat.com/show_bug.cgi?id=1104863
bugzilla.redhat.com/show_bug.cgi?id=1104869
bugzilla.redhat.com/show_bug.cgi?id=1107544
bugzilla.redhat.com/show_bug.cgi?id=805197