GLSA-201708-04 : Ked Password Manager: Information leak

2017-08-21T00:00:00
ID GENTOO_GLSA-201708-04.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
Modified 2020-11-02T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-201708-04 (Ked Password Manager: Information leak)

A history file in ~/.kedpm/history is written in clear text. All of the
  commands performed in the password manager are written there. This can
  lead to the disclosure of the master password if the “password”
  command is used with an argument. The names of the password entries
  created and consulted are also accessible in clear text.

Impact :

An attacker could obtain confidential information.

Workaround :

There is no known workaround at this time.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201708-04.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(102616);
  script_version("$Revision: 3.3 $");
  script_cvs_date("$Date: 2018/01/26 17:15:57 $");

  script_cve_id("CVE-2017-8296");
  script_xref(name:"GLSA", value:"201708-04");

  script_name(english:"GLSA-201708-04 : Ked Password Manager: Information leak");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201708-04
(Ked Password Manager: Information leak)

    A history file in ~/.kedpm/history is written in clear text. All of the
      commands performed in the password manager are written there. This can
      lead to the disclosure of the master password if the “password”
      command is used with an argument. The names of the password entries
      created and consulted are also accessible in clear text.
  
Impact :

    An attacker could obtain confidential information.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201708-04"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Gentoo Security recommends that users unmerge Ked Password Manager:
      # emerge --unmerge 'app-admin/kedpm'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kedpm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-admin/kedpm", unaffected:make_list(), vulnerable:make_list("le 0.4.0-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ked Password Manager");
}