GLSA-201701-70 : Firewalld: Improper authentication methods

2017-01-30T00:00:00
ID GENTOO_GLSA-201701-70.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
Modified 2017-01-30T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-201701-70 (Firewalld: Improper authentication methods)

A flaw in Firewalld allows any locally logged-in user to tamper with or
  change firewall settings.  This is because Firewalld's authentication
  via polkit is not properly applied to five particular functions:
  addPassthrough, removePassthrough, addEntry, removeEntry, and
  setEntries.

Impact :

A local attacker could tamper with or change firewall settings, leading to
  additional exposure of systems, including unauthorized remote access.

Workaround :

There is no known workaround at this time.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201701-70.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Description phase: when `description` is set, this branch only registers
# the plugin's metadata and then exits, so none of the host checks further
# down the file run in this mode.
if (description)
{
  script_id(96856);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # Cross-references used to correlate this finding with the CVE entry and
  # the Gentoo advisory it was derived from.
  script_cve_id("CVE-2016-5410");
  script_xref(name:"GLSA", value:"201701-70");

  script_name(english:"GLSA-201701-70 : Firewalld: Improper authentication methods");
  # The summary states the detection method: a package-database check, not a
  # probe of the firewalld service itself.
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  # Advisory text: polkit authorization is not applied to five firewalld
  # functions, so a locally logged-in user can alter firewall settings.
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201701-70
(Firewalld: Improper authentication methods)

    A flaw in Firewalld allows any locally logged in user to tamper with or
      change firewall settings.  This is due to how Firewalld handles
      authentication via polkit which is not properly applied to 5 particular
      functions to include: addPassthrough, removePassthrough, addEntry,
      removeEntry, and setEntries.
  
Impact :

    A local attacker could tamper or change firewall settings leading to the
      additional exposure of systems to include unauthorized remote access.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201701-70"
  );
  # Remediation: the version named here (0.4.3.3) is the same threshold the
  # qpkg_check() call later in this file treats as unaffected.
  script_set_attribute(
    attribute:"solution", 
    value:
"All Firewalld users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-firewall/firewalld-0.4.3.3'"
  );
  # Both vectors describe a local, low-complexity, integrity-only issue.
  # The v2 vector rates integrity Partial with no authentication (Au:N);
  # the v3 vector requires low privileges (PR:L) and rates integrity High.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");

  # "local" plugin type: the result depends on data gathered from the host
  # itself (see the required KB keys below), not on a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firewalld");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  # Presumably ssh_get_info.nasl populates the KB keys required below --
  # confirm against that plugin. Without local checks enabled, a Gentoo
  # release string and a package list, this plugin has nothing to evaluate.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  # Metadata registered; stop here in description mode.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions for a meaningful result. Each guard reads one knowledge-base
# key and hands off to audit() with the matching reason code when the key is
# absent, so a host that could not be inspected is reported as "not checked"
# rather than silently treated as unaffected.

# Local checks must have been enabled for this scan.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The target must have been identified as a Gentoo host.
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}

# The installed-package list must have been collected.
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Version comparison for net-firewall/firewalld: anything lower than 0.4.3.3
# is listed as vulnerable, 0.4.3.3 or later as unaffected.
#
# NOTE(review): per the plugin summary this is a package-database check. It
# does not show whether a running firewalld process was restarted onto the
# fixed code after an upgrade -- verify that separately during remediation.
vuln_found = FALSE;

if (qpkg_check(package:"net-firewall/firewalld", unaffected:make_list("ge 0.4.3.3"), vulnerable:make_list("lt 0.4.3.3")))
  vuln_found = TRUE;

if (!vuln_found)
{
  # Nothing flagged: distinguish "package present but not affected" from
  # "package not installed" so the audit trail states why no finding exists.
  checked_pkgs = qpkg_tests_get();
  if (checked_pkgs) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Firewalld");
}
else
{
  # NOTE(review): the finding is emitted with security_note(), while the
  # CVSS v3 vector registered in the description block rates integrity
  # impact High -- triage on the vector, not only on the report level.
  if (report_verbosity <= 0) security_note(0);
  else security_note(port:0, extra:qpkg_report_get());
  exit(0);
}