Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2007-0244.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 4 : busybox (ELSA-2007-0244)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

From Red Hat Security Advisory 2007:0244 :

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be useful for recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it easier for local users to guess passwords from a stolen password file.
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages, which contain a patch to resolve this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0244 and 
# Oracle Linux Security Advisory ELSA-2007-0244 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67478);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-1058");
  script_xref(name:"RHSA", value:"2007:0244");

  script_name(english:"Oracle Linux 4 : busybox (ELSA-2007-0244)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2007:0244 :

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

Busybox is a single binary which includes versions of a large number
of system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file.
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-May/000146.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected busybox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:busybox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:busybox-anaconda");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"busybox-1.00.rc1-7.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"busybox-1.00.rc1-7.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"busybox-anaconda-1.00.rc1-7.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"busybox-anaconda-1.00.rc1-7.el4")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "busybox / busybox-anaconda");
}
VendorProductVersionCPE
oraclelinuxbusyboxp-cpe:/a:oracle:linux:busybox
oraclelinuxbusybox-anacondap-cpe:/a:oracle:linux:busybox-anaconda
oraclelinux4cpe:/o:oracle:linux:4

Related

oraclelinux 1
redhat 1
ubuntucve 1
prion 1
nessus 3
cve 1
centos 1
debiancve 1
oraclelinux
oraclelinux
Low: busybox security update
2007-05-17 00:00:00
redhat
redhat
(RHSA-2007:0244) Low: busybox security update
2007-05-01 00:00:00
ubuntucve
ubuntucve
CVE-2006-1058
2006-04-04 00:00:00
prion
prion
Design/Logic Flaw
2006-04-04 10:04:00
nessus
nessus
Scientific Linux Security Update : busybox on SL4.x i386/x86_64
2012-08-01 00:00:00
CentOS 4 : busybox (CESA-2007:0244)
2013-06-29 00:00:00
RHEL 4 : busybox (RHSA-2007:0244)
2007-05-02 00:00:00
cve
cve
CVE-2006-1058
2006-04-04 10:04:00
centos
centos
busybox security update
2007-05-02 08:46:02
debiancve
debiancve
CVE-2006-1058
2006-04-04 10:04:00
JSON
Related for ORACLELINUX_ELSA-2007-0244.NASL
oraclelinux1redhat1ubuntucve1prion1nessus3cve1centos1debiancve1