Lucene search
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.FEDORA_2016-65B7608D8B.NASLHistoryMar 04, 2016 - 12:00 a.m.
Fedora 23 : okhttp-2.7.4-1.fc23 / okio-1.6.0-1.fc23 (2016-65b7608d8b)
2016-03-0400:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
8
This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain to a trusted certificate authority.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-65b7608d8b.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(89558);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-2402");
script_xref(name:"FEDORA", value:"2016-65b7608d8b");
script_name(english:"Fedora 23 : okhttp-2.7.4-1.fc23 / okio-1.6.0-1.fc23 (2016-65b7608d8b)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes a security vulnerability which allows an attacker to
bypass certificate pinning and cause OkHttp not not to validate that
the pinned certificate was in the chain to a trusted certificate
authority.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308851"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178177.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?5dd9d23d"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178178.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b557205d"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected okhttp and / or okio packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:okhttp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:okio");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC23", reference:"okhttp-2.7.4-1.fc23")) flag++;
if (rpm_check(release:"FC23", reference:"okio-1.6.0-1.fc23")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "okhttp / okio");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | okhttp | p-cpe:/a:fedoraproject:fedora:okhttp |
| fedoraproject | fedora | okio | p-cpe:/a:fedoraproject:fedora:okio |
| fedoraproject | fedora | 23 | cpe:/o:fedoraproject:fedora:23 |
Related
prion
prion
Design/Logic Flaw
2017-01-30 22:59:00
atlassian
atlassian
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
2020-02-27 09:43:44
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
2020-02-27 09:43:44
fedora
fedora
[SECURITY] Fedora 23 Update: okhttp-2.7.4-1.fc23
2016-02-29 22:30:33
[SECURITY] Fedora 23 Update: okio-1.6.0-1.fc23
2016-02-29 22:30:35
cve
cve
CVE-2016-2402
2017-01-30 22:59:00
osv
osv
CVE-2016-2402
2017-01-30 22:59:00
Improper Certificate Validation in OkHttp
2022-05-13 01:11:51
github
github
Improper Certificate Validation in OkHttp
2022-05-13 01:11:51
openvas
openvas
Fedora Update for okhttp FEDORA-2016-65
2016-03-01 00:00:00
Fedora Update for okio FEDORA-2016-65
2016-03-01 00:00:00
Related for FEDORA_2016-65B7608D8B.NASL