ID GENTOO_GLSA-200410-07.NASL Type nessus Reporter Tenable Modified 2018-08-10T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)
ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.
Impact :
A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200410-07.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
if (description)
{
script_id(15445);
script_version("1.13");
script_cvs_date("Date: 2018/08/10 18:07:05");
script_cve_id("CVE-2000-1137");
script_xref(name:"GLSA", value:"200410-07");
script_name(english:"GLSA-200410-07 : ed: Insecure temporary file handling");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200410-07
(ed: Insecure temporary file handling)
ed insecurely creates temporary files in world-writeable directories with
predictable names. Given that ed is used in various system shell scripts,
they are by extension affected by the same vulnerability.
Impact :
A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When ed is
called, this would result in file access with the rights of the user
running the utility, which could be the root user.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200410-07"
);
script_set_attribute(
attribute:"solution",
value:
"All ed users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=sys-apps/ed-0.2-r4'
# emerge '>=sys-apps/ed-0.2-r4'"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ed");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2004/10/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/09");
script_set_attribute(attribute:"vuln_publication_date", value:"2000/12/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"sys-apps/ed", unaffected:make_list("ge 0.2-r4"), vulnerable:make_list("le 0.2-r3"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ed");
}
{"id": "GENTOO_GLSA-200410-07.NASL", "bulletinFamily": "scanner", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "description": "The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "published": "2004-10-09T00:00:00", "modified": "2018-08-10T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200410-07"], "cvelist": ["CVE-2000-1137"], "type": "nessus", "lastseen": "2019-02-21T01:08:13", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ed"], "cvelist": ["CVE-2000-1137"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "538ffcc2f90f539dd3720c7835491df84a16bfc72745d69e6e377267f054aafa", "hashmap": [{"hash": "9ab63df68948728231eca577b2f98dc1", "key": "href"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "067a6535e54a54a17bc7ebf7df749413", "key": "cvelist"}, {"hash": "3abb0f3e45635586e3ed5809402f4a40", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cac5b3b3f964bf3d8cff415f9c342d01", "key": "description"}, {"hash": "fe0bb7b02d0d77e50e84c95fef1e0d33", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "2f3a6a360e2891e9b6a9636e6a5729ff", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94cb9a4d4528029e438c6d1858ab4c34", "key": "published"}, {"hash": "3052911097b5fe0f62c7d85da70d389e", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "9759e4afabf043458dd9f1988644ed6b", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "id": "GENTOO_GLSA-200410-07.NASL", "lastseen": "2018-08-30T19:44:13", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "15445", "published": "2004-10-09T00:00:00", "references": ["https://security.gentoo.org/glsa/200410-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:44:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ed"], "cvelist": ["CVE-2000-1137"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "1669dee0f48dff38bc67c299bdd08008f5adc028d7517bcf8c1845aea45ccec8", "hashmap": [{"hash": "9ab63df68948728231eca577b2f98dc1", "key": "href"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "067a6535e54a54a17bc7ebf7df749413", "key": "cvelist"}, {"hash": "3abb0f3e45635586e3ed5809402f4a40", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cac5b3b3f964bf3d8cff415f9c342d01", "key": "description"}, {"hash": "fe0bb7b02d0d77e50e84c95fef1e0d33", "key": "title"}, {"hash": "2f3a6a360e2891e9b6a9636e6a5729ff", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94cb9a4d4528029e438c6d1858ab4c34", "key": "published"}, {"hash": "3052911097b5fe0f62c7d85da70d389e", "key": "sourceData"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "9759e4afabf043458dd9f1988644ed6b", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "id": "GENTOO_GLSA-200410-07.NASL", "lastseen": "2018-08-11T09:15:42", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "15445", "published": "2004-10-09T00:00:00", "references": ["https://security.gentoo.org/glsa/200410-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-11T09:15:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ed"], "cvelist": ["CVE-2000-1137"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:05:45", "references": [{"idList": ["GLSA-200410-07"], "type": "gentoo"}, {"idList": ["OPENVAS:54698"], "type": "openvas"}, {"idList": ["MANDRAKE_MDKSA-2000-076.NASL"], "type": "nessus"}, {"idList": ["CVE-2000-1137"], "type": "cve"}, {"idList": ["OSVDB:6491"], "type": "osvdb"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "3cbaf1b1c3fb248e45c9ab58e5f90cc5efa0da5d202a50842794edf7eb8e442d", "hashmap": [{"hash": "9ab63df68948728231eca577b2f98dc1", "key": "href"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "067a6535e54a54a17bc7ebf7df749413", "key": "cvelist"}, {"hash": "3abb0f3e45635586e3ed5809402f4a40", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "fe0bb7b02d0d77e50e84c95fef1e0d33", "key": "title"}, {"hash": "c1f84c082acff883f7bf9afe3c9ccc90", "key": "description"}, {"hash": "2f3a6a360e2891e9b6a9636e6a5729ff", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94cb9a4d4528029e438c6d1858ab4c34", "key": "published"}, {"hash": "3052911097b5fe0f62c7d85da70d389e", "key": "sourceData"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "9759e4afabf043458dd9f1988644ed6b", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "id": "GENTOO_GLSA-200410-07.NASL", "lastseen": "2019-01-16T20:05:45", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "15445", "published": "2004-10-09T00:00:00", "references": ["https://security.gentoo.org/glsa/200410-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:05:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ed"], "cvelist": ["CVE-2000-1137"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "1669dee0f48dff38bc67c299bdd08008f5adc028d7517bcf8c1845aea45ccec8", "hashmap": [{"hash": "9ab63df68948728231eca577b2f98dc1", "key": "href"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "067a6535e54a54a17bc7ebf7df749413", "key": "cvelist"}, {"hash": "3abb0f3e45635586e3ed5809402f4a40", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cac5b3b3f964bf3d8cff415f9c342d01", "key": "description"}, {"hash": "fe0bb7b02d0d77e50e84c95fef1e0d33", "key": "title"}, {"hash": "2f3a6a360e2891e9b6a9636e6a5729ff", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94cb9a4d4528029e438c6d1858ab4c34", "key": "published"}, {"hash": "3052911097b5fe0f62c7d85da70d389e", "key": "sourceData"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "9759e4afabf043458dd9f1988644ed6b", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "id": "GENTOO_GLSA-200410-07.NASL", "lastseen": "2018-09-01T23:50:28", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "15445", "published": "2004-10-09T00:00:00", "references": ["https://security.gentoo.org/glsa/200410-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:50:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2000-1137"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "enchantments": {}, "hash": "69352020cc43ce64caf2751c92393bf5560b354ba531bfd22c7ff0dbd50136f5", "hashmap": [{"hash": "5eecec1588b5041585e06d258cae5a95", "key": "sourceData"}, {"hash": "9ab63df68948728231eca577b2f98dc1", "key": "href"}, {"hash": "067a6535e54a54a17bc7ebf7df749413", "key": "cvelist"}, {"hash": "3abb0f3e45635586e3ed5809402f4a40", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cac5b3b3f964bf3d8cff415f9c342d01", "key": "description"}, {"hash": "fe0bb7b02d0d77e50e84c95fef1e0d33", "key": "title"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94cb9a4d4528029e438c6d1858ab4c34", "key": "published"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "9759e4afabf043458dd9f1988644ed6b", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "id": "GENTOO_GLSA-200410-07.NASL", "lastseen": "2016-09-26T17:24:56", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "15445", "published": "2004-10-09T00:00:00", "references": ["https://security.gentoo.org/glsa/200410-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:23 $\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_osvdb_id(6491);\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ed"], "cvelist": ["CVE-2000-1137"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200410-07 (ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "4d59dbd9f771178d8b7c511a9d1be081ff5c3cda7c0d68c81369cf3b694f55d2", "hashmap": [{"hash": "5eecec1588b5041585e06d258cae5a95", "key": "sourceData"}, {"hash": "9ab63df68948728231eca577b2f98dc1", "key": "href"}, {"hash": "067a6535e54a54a17bc7ebf7df749413", "key": "cvelist"}, {"hash": "3abb0f3e45635586e3ed5809402f4a40", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cac5b3b3f964bf3d8cff415f9c342d01", "key": "description"}, {"hash": "fe0bb7b02d0d77e50e84c95fef1e0d33", "key": "title"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "2f3a6a360e2891e9b6a9636e6a5729ff", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94cb9a4d4528029e438c6d1858ab4c34", "key": "published"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "9759e4afabf043458dd9f1988644ed6b", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15445", "id": "GENTOO_GLSA-200410-07.NASL", "lastseen": "2017-10-29T13:39:18", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "15445", "published": "2004-10-09T00:00:00", "references": ["https://security.gentoo.org/glsa/200410-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:23 $\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_osvdb_id(6491);\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "title": "GLSA-200410-07 : ed: Insecure temporary file handling", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:39:18"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2f3a6a360e2891e9b6a9636e6a5729ff"}, {"key": "cvelist", "hash": "067a6535e54a54a17bc7ebf7df749413"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "cac5b3b3f964bf3d8cff415f9c342d01"}, {"key": "href", "hash": "9ab63df68948728231eca577b2f98dc1"}, {"key": "modified", "hash": "9c6fe61712654f56360b12011e3de300"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "9759e4afabf043458dd9f1988644ed6b"}, {"key": "published", "hash": "94cb9a4d4528029e438c6d1858ab4c34"}, {"key": "references", "hash": "3abb0f3e45635586e3ed5809402f4a40"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "3052911097b5fe0f62c7d85da70d389e"}, {"key": "title", "hash": "fe0bb7b02d0d77e50e84c95fef1e0d33"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1669dee0f48dff38bc67c299bdd08008f5adc028d7517bcf8c1845aea45ccec8", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2000-1137"]}, {"type": "osvdb", "idList": ["OSVDB:6491"]}, {"type": "openvas", "idList": ["OPENVAS:54698"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2000-076.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200410-07"]}], "modified": "2019-02-21T01:08:13"}, "score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200410-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15445);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_xref(name:\"GLSA\", value:\"200410-07\");\n\n script_name(english:\"GLSA-200410-07 : ed: Insecure temporary file handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200410-07\n(ed: Insecure temporary file handling)\n\n ed insecurely creates temporary files in world-writeable directories with\n predictable names. Given that ed is used in various system shell scripts,\n they are by extension affected by the same vulnerability.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary files\n directory, pointing to a valid file somewhere on the filesystem. When ed is\n called, this would result in file access with the rights of the user\n running the utility, which could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200410-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ed users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/ed\", unaffected:make_list(\"ge 0.2-r4\"), vulnerable:make_list(\"le 0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ed\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "15445", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ed"], "scheme": null}
{"cve": [{"lastseen": "2018-05-06T20:29:23", "bulletinFamily": "NVD", "description": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.", "modified": "2018-05-02T21:29:10", "published": "2001-01-09T00:00:00", "id": "CVE-2000-1137", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1137", "title": "CVE-2000-1137", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "description": "## Vulnerability Description\nGNU ed contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when a user creates a symlink to a temporary file and the system is halted before the file is saved. This flaw may lead to a loss of integrity and availability.\n## Solution Description\nUpgrade to version 0.2-19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nGNU ed contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when a user creates a symlink to a temporary file and the system is halted before the file is saved. This flaw may lead to a loss of integrity and availability.\n## References:\nVendor URL: http://www.gnu.org/software/ed/ed.html\n[Vendor Specific Advisory URL](http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000359)\n[Vendor Specific Advisory URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2000:076)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2000/20001129)\n[Secunia Advisory ID:12780](https://secuniaresearch.flexerasoftware.com/advisories/12780/)\nRedHat RHSA: RHSA-2000:123-01\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200410-07.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-12/0132.html\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2006-11/0013.html\nISS X-Force ID: 5723\n[CVE-2000-1137](https://vulners.com/cve/CVE-2000-1137)\nBugtraq ID: 2095\n", "modified": "2000-12-11T00:00:00", "published": "2000-12-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6491", "id": "OSVDB:6491", "type": "osvdb", "title": "GNU ed tmpfile Symlink Arbitrary File Overwrite", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "description": "### Background\n\ned is a line-oriented text editor, used to create or modify text files, both interactively and via shell scripts. \n\n### Description\n\ned insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability. \n\n### Impact\n\nA local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ed users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=sys-apps/ed-0.2-r4\"\n # emerge \">=sys-apps/ed-0.2-r4\"", "modified": "2004-10-09T00:00:00", "published": "2004-10-09T00:00:00", "id": "GLSA-200410-07", "href": "https://security.gentoo.org/glsa/200410-07", "type": "gentoo", "title": "ed: Insecure temporary file handling", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:32", "bulletinFamily": "scanner", "description": "Alan Cox discovered that GNU ed (a classed line editor tool) creates temporary files unsafely.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2000-076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61862", "published": "2012-09-06T00:00:00", "title": "Mandrake Linux Security Advisory : ed (MDKSA-2000:076)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2000:076. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61862);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2000-1137\");\n script_xref(name:\"MDKSA\", value:\"2000:076\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ed (MDKSA-2000:076)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alan Cox discovered that GNU ed (a classed line editor tool) creates\ntemporary files unsafely.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ed package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ed\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2000/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK6.0\", cpu:\"i386\", reference:\"ed-0.2-15.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK6.1\", cpu:\"i386\", reference:\"ed-0.2-15.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.0\", cpu:\"i386\", reference:\"ed-0.2-15.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"ed-0.2-17.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"ed-0.2-21.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:23", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200410-07.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54698", "id": "OPENVAS:54698", "title": "Gentoo Security Advisory GLSA 200410-07 (ed)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ed utility is vulnerable to symlink attacks, potentially allowing a\nlocal user to overwrite or change rights on arbitrary files with the\nrights of the user running ed, which could be the root user.\";\ntag_solution = \"All ed users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=sys-apps/ed-0.2-r4'\n # emerge '>=sys-apps/ed-0.2-r4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200410-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=66400\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200410-07.\";\n\n \n\nif(description)\n{\n script_id(54698);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(2095);\n script_cve_id(\"CVE-2000-1137\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200410-07 (ed)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-apps/ed\", unaffected: make_list(\"ge 0.2-r4\"), vulnerable: make_list(\"le 0.2-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
