Lucene search
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2015-184.NASLHistoryMar 31, 2015 - 12:00 a.m.
Mandriva Linux Security Advisory : setup (MDVSA-2015:184)
2015-03-3100:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
7
Updated setup package fixes security vulnerability :
An issue has been identified in Mandriva Business Server 2’s setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable (mga#14516).
This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities.
Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:184.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82459);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_xref(name:"MDVSA", value:"2015:184");
script_name(english:"Mandriva Linux Security Advisory : setup (MDVSA-2015:184)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandriva Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Updated setup package fixes security vulnerability :
An issue has been identified in Mandriva Business Server 2's setup
package where the /etc/shadow and /etc/gshadow files containing
password hashes were created with incorrect permissions, making them
world-readable (mga#14516).
This update fixes this issue by enforcing that those files are owned
by the root user and shadow group, and are only readable by those two
entities.
Note that this issue only affected new Mandriva Business Server 2
installations. Systems that were updated from previous Mandriva
versions were not affected."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2015-0116.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected setup package.");
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:setup");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS2", reference:"setup-2.7.20-10.1.mbs2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");