openSUSE Security Update : rubygem-puppet (openSUSE-2018-174)

2018-02-20T00:00:00
ID OPENSUSE-2018-174.NASL
Type nessus
Reporter Tenable
Modified 2018-03-05T00:00:00

Description

This update for rubygem-puppet fixes the following issues :

  • CVE-2017-10689: Reset permissions when unpacking tar in PMT (the Puppet Module Tool). When using minitar, files are unpacked with whatever permissions are recorded in the tarball. This is potentially unsafe, as tarballs can easily be created with unexpected permissions, such as world-writable files, which are then installed as-is (boo#1080288)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-174.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

# Registration block: when the `description` variable is set, the script only
# declares its metadata and exits (exit(0) at the end of the block), so none
# of the host checks further down run in this mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(106892);
  script_version("$Revision: 3.3 $");
  script_cvs_date("$Date: 2018/03/05 16:13:15 $");

  # The single CVE this advisory addresses.
  script_cve_id("CVE-2017-10689");

  script_name(english:"openSUSE Security Update : rubygem-puppet (openSUSE-2018-174)");
  script_summary(english:"Check for the openSUSE-2018-174 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  # Advisory text: module tarballs were unpacked with the permissions stored
  # in the archive; the fix resets permissions at unpack time.
  script_set_attribute(
    attribute:"description", 
    value:
"This update for rubygem-puppet fixes the following issues :

  - CVE-2017-10689: Reset permissions when unpacking tar in
    PMT. When using minitar, files are unpacked with
    whatever permissions are in the tarball. This is
    potentially unsafe, as tarballs can be easily created
    with weird permissions (boo#1080288)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1080288"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected rubygem-puppet packages."
  );
  # Both vectors describe a local issue (AV:L) with integrity impact only
  # (C:N, A:N). The CVSS v3 vector additionally requires low privileges
  # (PR:L) and rates the integrity impact as high (I:H).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");

  # "local" plugin type: the result comes from package data gathered on the
  # host (see the required KB keys below), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE entries: one per package covered by the update, plus the OS release.
  # They mirror the 13 rpm_check() calls in the check section.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-puppet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-puppet-emacs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-puppet-master");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-puppet-master-unicorn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-puppet-vim");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  # The plugin was published one day after the vendor patch.
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20");
  script_end_attributes();

  # Information-gathering category, filed under the SuSE local checks family.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # The check consumes KB entries (release, RPM list, CPU architecture) that
  # must already exist; ssh_get_info.nasl is declared as the dependency.
  # NOTE(review): presumably that script populates these keys over an
  # authenticated session, so without credentials the plugin cannot report.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  # Metadata only: stop before the host checks.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Applicability gates. Each audit() call ends the script with the matching
# audit code, so the package checks further down are only reached on an
# openSUSE 42.3 host with local checks enabled, an RPM list collected, and a
# supported CPU architecture.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# SLED / SLES releases are rejected here: this advisory is openSUSE-only.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "openSUSE");
}

# Only openSUSE 42.3 is in scope; the regex is anchored so it must match the
# whole release string.
if (release !~ "^(SUSE42\.3)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture must be known and one of the supported x86 variants.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (ourarch !~ "^(i586|i686|x86_64)$")
{
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
}

# Counts how many of the packages below trip rpm_check(); any non-zero value
# leads to a finding in the reporting step.
flag = 0;

# One rpm_check() per package shipped by openSUSE-2018-174, all against the
# fixed build 3.8.7-23.1 on openSUSE 42.3.
# NOTE(review): rpm_check() comes from rpm.inc and is not shown here;
# presumably it returns true when the package is installed at a version older
# than the reference, so packages that are absent do not count - confirm.
#
# This is a package-version comparison only. It does not inspect file modes
# of modules that were already unpacked before the update was applied, so
# those permissions may be worth auditing separately after patching.
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.1-rubygem-puppet-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.1-rubygem-puppet-testsuite-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.2-rubygem-puppet-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.2-rubygem-puppet-testsuite-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.3-rubygem-puppet-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.3-rubygem-puppet-testsuite-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.4-rubygem-puppet-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ruby2.4-rubygem-puppet-testsuite-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"rubygem-puppet-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"rubygem-puppet-emacs-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"rubygem-puppet-master-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"rubygem-puppet-master-unicorn-3.8.7-23.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"rubygem-puppet-vim-3.8.7-23.1") ) flag++;

# Reporting step: `flag` holds the number of rpm_check() hits counted above.
if (!flag)
{
  # No package matched. pkg_tests_get() is consulted to pick the audit
  # message: a non-empty result is reported as "not affected", an empty one
  # as "not installed".
  # NOTE(review): presumably it returns the packages rpm_check() actually
  # examined on this host - confirm against rpm.inc.
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby2.1-rubygem-puppet / ruby2.1-rubygem-puppet-testsuite / etc");
  }
}
else
{
  # At least one package is older than the fixed build. The finding is raised
  # through security_note on port 0; the rpm_check() report text is attached
  # only when report_verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_note(port:0, extra:rpm_report_get());
  }
  else
  {
    security_note(0);
  }
  exit(0);
}