CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.006 Low
Percentile: 77.7%
Fixed to quote config / interface variables in ifservices script and cleaned up content of the ESSID which gets appended to them by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). Fixed also to return proper exit code 0 in NM dispatcher hooks.
Changed to call ip addr flush in ifdown, but after ip link set down as it does not cause ipv6 sysctl tree side effects then at least with more recent kernels (bnc#580018,bnc#559170).
Explicitly disabled posix mode in all bash scripts as we are using several features not supported in posix mode (bnc#739338).
Fixed ipv6 dad / link ready wait time calculation (1/10 of the specified time) and replaced useless up flag check loop with link_ready_wait to avoid send errors from dhclient6 (bnc#697929).
Added to require vlan, bridge-utils and tunctl packages via spec, that are often required in base networking configurations and are missed otherwise in 2nd installation stage, that may be unable to install them for some reason (bnc#733118).
Added X-Systemd-RemainAfterExit: true LSB header (bnc#727771)
Do not suggest dhcp6c client from dropped dhcpv6 package in ifup-dhcp, marked dhcp6c as deprecated in network/dhcp and changed to use dhclient6 as first choice (bnc#734723).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-74.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(74794);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_cve_id("CVE-2011-4182");
  script_name(english:"openSUSE Security Update : sysconfig (openSUSE-2012-74)");
  script_summary(english:"Check for the openSUSE-2012-74 patch");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Fixed to quote config / interface variables in
ifservices script and cleaned up content of the ESSID
which gets appended to them by NetworkManager dispatcher
hook (bnc#735394, CVE-2011-4182). Fixed also to return
proper exit code 0 in NM dispatcher hooks.
- Changed to call ip addr flush in ifdown, but after ip
link set down as it does not cause ipv6 sysctl tree side
effects then at least with more recent kernels
(bnc#580018,bnc#559170).
- Explicitly disabled posix mode in all bash scripts as we
are using several features not supported in posix mode
(bnc#739338).
- Fixed ipv6 dad / link ready wait time calculation (1/10
of the specified time) and replaced useless up flag
check loop with link_ready_wait to avoid send errors
from dhclient6 (bnc#697929).
- Added to require vlan, bridge-utils and tunctl packages
via spec, that are often required in base networking
configurations and are missed otherwise in 2nd
installation stage, that may be unable to install them
for some reason (bnc#733118).
- Added X-Systemd-RemainAfterExit: true LSB header
(bnc#727771)
- Do not suggest dhcp6c client from dropped dhcpv6 package
in ifup-dhcp, marked dhcp6c as deprecated in
network/dhcp and changed to use dhclient6 as first
choice (bnc#734723)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=559170"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=580018"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=697929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=727771"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=733118"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=734723"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=735394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=739338"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected sysconfig packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sysconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sysconfig-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sysconfig-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.1", reference:"sysconfig-0.75.4-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"sysconfig-debuginfo-0.75.4-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"sysconfig-debugsource-0.75.4-2.5.1") ) flag++;
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sysconfig / sysconfig-debuginfo / sysconfig-debugsource");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4182
bugzilla.novell.com/show_bug.cgi?id=559170
bugzilla.novell.com/show_bug.cgi?id=580018
bugzilla.novell.com/show_bug.cgi?id=697929
bugzilla.novell.com/show_bug.cgi?id=727771
bugzilla.novell.com/show_bug.cgi?id=733118
bugzilla.novell.com/show_bug.cgi?id=734723
bugzilla.novell.com/show_bug.cgi?id=735394
bugzilla.novell.com/show_bug.cgi?id=739338