4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
25.6%
The remote host is affected by the vulnerability described in GLSA-200911-04 (dstat: Untrusted search path)
Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path (sys.path) before calling 'import'.
Impact :
A local attacker could entice a user to run 'dstat' from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround :
Do not run 'dstat' from untrusted working directories.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200911-04.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(42914);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2009-3894");
script_xref(name:"GLSA", value:"200911-04");
script_name(english:"GLSA-200911-04 : dstat: Untrusted search path");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200911-04
(dstat: Untrusted search path)
Robert Buchholz of the Gentoo Security Team reported that dstat
includes the current working directory and subdirectories in the Python
module search path (sys.path) before calling 'import'.
Impact :
A local attacker could entice a user to run 'dstat' from a directory
containing a specially crafted Python module, resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Workaround :
Do not run 'dstat' from untrusted working directories."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200911-04"
);
script_set_attribute(
attribute:"solution",
value:
"All dstat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/dstat-0.6.9-r1'"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:dstat");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"sys-apps/dstat", unaffected:make_list("ge 0.6.9-r1"), vulnerable:make_list("lt 0.6.9-r1"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dstat");
}