Fedora 27 : rpm (2018-2c9120d494)

2018-11-11T00:00:00
ID FEDORA_2018-2C9120D494.NASL
Type nessus
Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

An unfortunate regression in rpm 4.14.2 causes --setperms to behave incorrectly on symbolic links: file and directory permissions become world-writable and executable on symlink targets. A similar flaw exists in --setugids, but it is less exploitable.

If you have used --setperms (or --setugids, or --restore) with rpm 4.14.2, you should ensure system integrity with rpm --verify before proceeding to correct any mixed up permissions and ownerships to avoid possibly giving suid capabilities to a modified binary.

Further details of the --setperms bug available upstream: http://rpm.org/wiki/Releases/4.14.2.1

Note that this update can not automatically fix possible damage done by using –setperms, –setugids or –restore with rpm 4.14.2, it merely fixes the functionlity itself. Any damage needs to be investigated and fixed manually, such as using –verify and –restore or reinstalling packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-2c9120d494.
#

include("compat.inc");

if (description)
{
  script_id(118857);
  script_version("1.2");
  script_cvs_date("Date: 2019/09/25 17:12:11");

  script_xref(name:"FEDORA", value:"2018-2c9120d494");

  script_name(english:"Fedora 27 : rpm (2018-2c9120d494)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An unfortunate regression in rpm 4.14.2 causes --setperms to behave
incorrectly on symbolic links: file and directory permissions become
world-writable and executable on symlink targets. A similar flaw
exists in --setugids, but it is less exploitable.

If you have used --setperms (or --setugids, or --restore) with rpm
4.14.2, you should ensure system integrity with rpm --verify before
proceeding to correct any mixed up permissions and ownerships to avoid
possibly giving suid capabilities to a modified binary.

Further details of the --setperms bug available upstream:
http://rpm.org/wiki/Releases/4.14.2.1

**Note that this update can not automatically fix possible damage done
by using –setperms, –setugids or –restore with rpm
4.14.2, it merely fixes the functionlity itself. Any damage needs to
be investigated and fixed manually, such as using –verify and
–restore or reinstalling packages.**

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c9120d494"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected rpm package.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rpm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC27", reference:"rpm-4.14.2.1-1.fc27")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rpm");
}