Lucene search

HistoryMay 09, 2014 - 12:00 a.m.

Oracle Linux 5 : struts (ELSA-2014-0474)

2014-05-0900:00:00

www.tenable.com

JSON

From Red Hat Security Advisory 2014:0474 :

Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the ‘class’ parameter, which is directly mapped to the getClass() method.
A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:0474 and 
# Oracle Linux Security Advisory ELSA-2014-0474 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(73935);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-0114");
  script_bugtraq_id(67121);
  script_xref(name:"RHSA", value:"2014:0474");

  script_name(english:"Oracle Linux 5 : struts (ELSA-2014-0474)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2014:0474 :

Updated struts packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the
'class' parameter, which is directly mapped to the getClass() method.
A remote attacker could use this flaw to manipulate the ClassLoader
used by an application server running Struts 1. This could lead to
remote code execution under certain conditions. (CVE-2014-0114)

All struts users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using struts must be restarted for this update to take
effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2014-May/004103.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected struts packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:struts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:struts-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:struts-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:struts-webapps-tomcat5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"struts-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"EL5", reference:"struts-javadoc-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"EL5", reference:"struts-manual-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"EL5", reference:"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "struts / struts-javadoc / struts-manual / struts-webapps-tomcat5");
}

VendorProductVersionCPE
oraclelinuxstrutsp-cpe:/a:oracle:linux:struts
oraclelinuxstruts-javadocp-cpe:/a:oracle:linux:struts-javadoc
oraclelinuxstruts-manualp-cpe:/a:oracle:linux:struts-manual
oraclelinuxstruts-webapps-tomcat5p-cpe:/a:oracle:linux:struts-webapps-tomcat5
oraclelinux5cpe:/o:oracle:linux:5

Vendor	Product	Version	CPE
oracle	linux	struts	p-cpe:/a:oracle:linux:struts
oracle	linux	struts-javadoc	p-cpe:/a:oracle:linux:struts-javadoc
oracle	linux	struts-manual	p-cpe:/a:oracle:linux:struts-manual
oracle	linux	struts-webapps-tomcat5	p-cpe:/a:oracle:linux:struts-webapps-tomcat5
oracle	linux	5	cpe:/o:oracle:linux:5

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

oss.oracle.com/pipermail/el-errata/2014-May/004103.html

JSON

Related for ORACLELINUX_ELSA-2014-0474.NASL