Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2013-240.NASL
HistorySep 26, 2013 - 12:00 a.m.

Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)

2013-09-2600:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
19
JSON

Updated glpi package fixes security vulnerabilities :

Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 (CVE-2013-2226), 0.83.91 (CVE-2013-2225), and 0.84.2 (CVE-2013-5696).

This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2013:240. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70132);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2013-2225", "CVE-2013-2226", "CVE-2013-5696");
  script_xref(name:"MDVSA", value:"2013:240");

  script_name(english:"Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandriva Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated glpi package fixes security vulnerabilities :

Multiple security vulnerabilities due to improper sanitation of user
input in GLPI before versions 0.83.9 (CVE-2013-2226), 0.83.91
(CVE-2013-2225), and 0.84.2 (CVE-2013-5696).

This update provides GLPI version 0.83.91, with a patch from GLPI
0.84.2, to fix these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2013-0288.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected glpi package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"GLPI 0.84.1 RCE");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'GLPI install.php Remote Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glpi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", reference:"glpi-0.83.91-1.1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxglpip-cpe:/a:mandriva:linux:glpi
mandrivabusiness_server1cpe:/o:mandriva:business_server:1

Related

openvas 7
mageia 1
nessus 4
fedora 4
cvelist 3
checkpoint_advisories 1
packetstorm 3
securityvulns 2
ubuntucve 3
exploitpack 1
prion 3
metasploit 1
cve 3
altlinux 4
seebug 1
zdt 2
dsquare 1
htbridge 1
exploitdb 2
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0288)
2022-01-28 00:00:00
Fedora Update for glpi FEDORA-2013-11315
2013-08-20 00:00:00
Fedora Update for glpi FEDORA-2013-11413
2013-07-05 00:00:00
mageia
mageia
Updated glpi package fixes security vulnerabilities
2013-09-20 09:36:48
nessus
nessus
Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)
2013-07-12 00:00:00
Fedora 18 : glpi-0.83.9.1-1.fc18 (2013-11396)
2013-07-12 00:00:00
Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: glpi-0.83.9.1-1.fc19
2013-07-04 00:56:51
[SECURITY] Fedora 18 Update: glpi-0.83.9.1-1.fc18
2013-07-05 02:08:10
[SECURITY] Fedora 17 Update: glpi-0.83.9.1-1.fc17
2013-07-05 02:09:51
cvelist
cvelist
CVE-2013-2225
2014-05-27 15:00:00
CVE-2013-5696
2022-10-03 16:14:54
CVE-2013-2226
2014-05-14 19:00:00
checkpoint_advisories
checkpoint_advisories
GLPI install.php Remote Command Execution (CVE-2013-5696)
2013-12-29 00:00:00
packetstorm
packetstorm
GLPI 0.84.1 Access Control / Code Injection
2013-10-02 00:00:00
GLPI 0.83.9 Code Execution
2013-07-01 00:00:00
GLPI install.php Remote Command Execution
2013-09-20 00:00:00
securityvulns
securityvulns
Remote Code Execution in GLPI
2013-10-02 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-10-02 00:00:00
ubuntucve
ubuntucve
CVE-2013-5696
2013-09-23 00:00:00
CVE-2013-2225
2014-05-27 00:00:00
CVE-2013-2226
2014-05-14 00:00:00
exploitpack
exploitpack
GLPI 0.84.1 - Multiple Vulnerabilities
2013-10-02 00:00:00
prion
prion
Code injection
2014-05-27 14:55:00
Cross site request forgery (csrf)
2013-09-23 03:49:00
Sql injection
2014-05-14 19:55:00
metasploit
metasploit
GLPI install.php Remote Command Execution
2013-09-20 08:45:10
cve
cve
CVE-2013-5696
2013-09-23 03:49:00
CVE-2013-2225
2014-05-27 14:55:00
CVE-2013-2226
2014-05-14 19:55:00
altlinux
altlinux
Security fix for the ALT Linux 10 package glpi version 0.84.2-alt1
2013-09-20 00:00:00
Security fix for the ALT Linux 9 package glpi version 0.84.2-alt1
2013-09-20 00:00:00
Security fix for the ALT Linux 9 package glpi version 0.83.9.1-alt1
2013-07-21 00:00:00
seebug
seebug
GLPI install.php Remote Command Execution
2014-07-01 00:00:00
zdt
zdt
GLPI install.php Remote Command Execution Vulnerability
2013-09-21 00:00:00
GLPI 0.84.1 - Multiple Vulnerabilities
2013-10-02 00:00:00
dsquare
dsquare
GLPI 0.84.1 RCE
2013-10-04 00:00:00
htbridge
htbridge
Remote Code Execution in GLPI
2013-09-11 00:00:00
exploitdb
exploitdb
GLPI - 'install.php' Remote Command Execution (Metasploit)
2013-09-23 00:00:00
GLPI 0.84.1 - Multiple Vulnerabilities
2013-10-02 00:00:00
JSON
Related for MANDRIVA_MDVSA-2013-240.NASL
openvas7mageia1nessus4fedora4cvelist3checkpoint_advisories1packetstorm3securityvulns2ubuntucve3exploitpack1prion3metasploit1cve3altlinux4seebug1zdt2dsquare1htbridge1exploitdb2