4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.5%
Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the O_EXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the temporary files. This new version has all but one unsafe temporary file open fixed. It can still be used safely when using the new TEMPDIRECTORY configuration option, which is now set to /root/tmp.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2001:064.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(13879);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2001-0774");
script_xref(name:"MDKSA", value:"2001:064");
script_name(english:"Mandrake Linux Security Advisory : tripwire (MDKSA-2001:064)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandrake Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Jarno Juuskonen reported that a temporary file vulnerability exists in
versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates
temporary files in /tmp without the O_EXCL flag during filesystem
scanning and database updating, a malicious user could execute a
symlink attack against the temporary files. This new version has all
but one unsafe temporary file open fixed. It can still be used safely
when using the new TEMPDIRECTORY configuration option, which is now
set to /root/tmp."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected tripwire package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tripwire");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
script_set_attribute(attribute:"patch_publication_date", value:"2001/07/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tripwire-2.3.1.2-2.2mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | tripwire | p-cpe:/a:mandriva:linux:tripwire |
mandrakesoft | mandrake_linux | 8.0 | cpe:/o:mandrakesoft:mandrake_linux:8.0 |