Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2009-245.NASL
HistorySep 25, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : glib2.0 (MDVSA-2009:245)

2009-09-2500:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

A vulnerability was discovered and corrected in glib2.0 :

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory (CVE-2009-3289).

This update provides a solution to this vulnerability.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:245. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(41619);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-3289");
  script_bugtraq_id(36313);
  script_xref(name:"MDVSA", value:"2009:245");

  script_name(english:"Mandriva Linux Security Advisory : glib2.0 (MDVSA-2009:245)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered and corrected in glib2.0 :

The g_file_copy function in glib 2.0 sets the permissions of a target
file to the permissions of a symbolic link (777), which allows
user-assisted local users to modify files of other users, as
demonstrated by using Nautilus to modify the permissions of the user
home directory (CVE-2009-3289).

This update provides a solution to this vulnerability."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glib-gettextize");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glib2.0-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gio2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64glib2.0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64glib2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgio2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libglib2.0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libglib2.0_0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.1", reference:"glib-gettextize-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"glib2.0-common-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64gio2.0_0-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64glib2.0-devel-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64glib2.0_0-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libgio2.0_0-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libglib2.0-devel-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libglib2.0_0-2.16.2-1.2mdv2008.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", reference:"glib-gettextize-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"glib2.0-common-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64gio2.0_0-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64glib2.0-devel-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64glib2.0_0-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libgio2.0_0-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libglib2.0-devel-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libglib2.0_0-2.18.1-1.2mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.1", reference:"glib-gettextize-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"glib2.0-common-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64gio2.0_0-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64glib2.0-devel-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64glib2.0_0-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgio2.0_0-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libglib2.0-devel-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libglib2.0_0-2.20.1-1.1mdv2009.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxglib-gettextizep-cpe:/a:mandriva:linux:glib-gettextize
mandrivalinuxglib2.0-commonp-cpe:/a:mandriva:linux:glib2.0-common
mandrivalinuxlib64gio2.0_0p-cpe:/a:mandriva:linux:lib64gio2.0_0
mandrivalinuxlib64glib2.0-develp-cpe:/a:mandriva:linux:lib64glib2.0-devel
mandrivalinuxlib64glib2.0_0p-cpe:/a:mandriva:linux:lib64glib2.0_0
mandrivalinuxlibgio2.0_0p-cpe:/a:mandriva:linux:libgio2.0_0
mandrivalinuxlibglib2.0-develp-cpe:/a:mandriva:linux:libglib2.0-devel
mandrivalinuxlibglib2.0_0p-cpe:/a:mandriva:linux:libglib2.0_0
mandrivalinux2008.1cpe:/o:mandriva:linux:2008.1
mandrivalinux2009.0cpe:/o:mandriva:linux:2009.0
Rows per page:
1-10 of 111

Related

nessus 4
debiancve 1
seebug 1
openvas 4
cve 1
ubuntucve 1
securityvulns 2
prion 1
cvelist 1
ubuntu 1
nessus
nessus
SuSE 11 Security Update : glib2 (SAT Patch Number 1831)
2010-12-02 00:00:00
openSUSE Security Update : glib2 (openSUSE-SU-2010:0156-1)
2010-04-27 00:00:00
openSUSE Security Update : glib2 (openSUSE-SU-2010:0155-1)
2010-04-27 00:00:00
debiancve
debiancve
CVE-2009-3289
2009-09-22 10:30:00
seebug
seebug
GNOME glib库g_file_copy函数不安全文件权限设置漏洞
2009-09-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-841-1)
2009-10-13 00:00:00
Ubuntu USN-841-1 (glib2.0)
2009-10-13 00:00:00
Mandrake Security Advisory MDVSA-2009:245 (glib2.0)
2009-09-28 00:00:00
cve
cve
CVE-2009-3289
2009-09-22 10:30:00
ubuntucve
ubuntucve
CVE-2009-3289
2009-09-22 00:00:00
securityvulns
securityvulns
glib library privilege escalation
2009-09-24 00:00:00
[ MDVSA-2009:245 ] glib2.0
2009-09-24 00:00:00
prion
prion
Directory traversal
2009-09-22 10:30:00
cvelist
cvelist
CVE-2009-3289
2009-09-22 10:00:00
ubuntu
ubuntu
GLib vulnerability
2009-10-05 00:00:00
JSON
Related for MANDRIVA_MDVSA-2009-245.NASL
nessus4debiancve1seebug1openvas4cve1ubuntucve1securityvulns2prion1cvelist1ubuntu1