Lucene search

K
nessusThis script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_ENTERPRISE_MANAGER_OCT_2017_CPU.NASL
HistoryOct 21, 2017 - 12:00 a.m.

Oracle Enterprise Manager Ops Center Remote Code Execution (October 2017 CPU)

2017-10-2100:00:00
This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

9.7 High

AI Score

Confidence

High

The version of Oracle Enterprise Manager Ops Center installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability. Refer to the October 2017 CPU for details on this vulnerability.

#TRUSTED 2cfd38b76d84fa350208d3abd2cdfff612e34cb933cabc3550e74084970c14ba8eeb461cd858cd2da37205b7f5962979a508776f8800d4cd9d6310d27113504133b1632f60a40813c412a50dedc5630ac7cd810fa4e36341af7226632b8ed63abada47b661fc8d7e20026a20da12b53d6328f0de5cb3ab087d9c8e4d035fa7a16f2f7042ed321fc1a75f3e6c28796f1adaf442dbfb8cf01e1ad64b54af6bd3e4fd407a48afbbd03326846b51f4870ed75a024954e25e1b57d69916158745af421c38050973edb9302d2e60ff5aeeef6813738cbb1ec1753569d6f989c43ad2eaf5a9cd173342f0a5de1485453a4c81cb02880edf340e4c9245b0a6446db0c91edf13ea9ef91764d00b2620c794dc335dd19a1415130ebe9feb989276be603292cfd00ac6aa27242ae74d2d6e19ad3e803f74c4dfad3d5879a11d89f331511eef78362f10aac24fb9f1462cf86117683715fba139cdec1895807c5368a7aaa8999c18e9674a429ee9a3b3a32d1d1bbb4d4ac226dd372839b7b796e7c79edaa22f59c3e8296de688e0770125124cf90f0c941c0a63bc780bcf993d205abf77933e762746246ee518b1f87fd9e37388e84bb1043c15fac594c42b365c03d794fe35da4e5b31e696d4e6d5076f4b3b27df8a9ca74a0fa680f14898678d82e2df42f27f0a301a3224a5b62fa8dd10f6e1a8e215ddc18a72ab3d6271c4bae79301511f
#TRUST-RSA-SHA256 0219a6431e4a74df71366eefb2b03213361d172b23b780170346e4a9128188014b19e98e94b2c9f8ff924e5aaa9a81c5164b0b432e41ccbc80e3d91f9171f1b489480d5ffd5f6cbe4517c0dc511087d56a71487ef9bffd71070190c61e25edec780bf3aa3ae59a38a37b6ec414bfad163c0b4e11e73b96f161f230054da762ce025458a89577cc85e4a2eb6ca0d9635b490e1fd115d0423be15346bb03a81095961828ac9c2510b49d78f1197259d3db245670517a553610b4ad3f48af9967a9965c746588be63a3356b30d2e91988119c6622dbfe6fb404c8d300ca96ba545844a1fbdfd34673580bcb55644ddd927cab3b2a23c8c1b3402ff1d3d6f9210e04179a9375926792493aac4f604963e6ccd22b8b60a336a9e7bb8844815d1593d0f9168d37322012bc26a656dfffb785aac17abdd6c8c6653abb90980d1de19d3f60838c7577e4a604c13e7058ac5a0d6ba160af307f846f3cb3688fb2813ac651703a65df0cdd284435a2818390eeb63e9608486ad5af2b0e63b134a071f66831a58e9dd0d8942fea8bb0c3c41cefae8ef6570b98e7cbea2a18d1b1074b3be11747210daf211aa1bf26d812a0c0f6744a01cdd7f701020b649073873c8258816ee58e425ab848301f3c0b550950c3c90d553469a0fb379f8944fc2d3e84ee553e13b8fa6e8b6c0c1adde19b53ed8e07708ae4eb1d4567b5cfb9b50a81891d0bbc
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104052);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id("CVE-2016-6814");
  script_bugtraq_id(95429);

  script_name(english:"Oracle Enterprise Manager Ops Center Remote Code Execution (October 2017 CPU)");
  script_summary(english:"Checks the version of a library.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Ops Center installed on
the remote host is missing a security patch. It is, therefore,
affected by a remote code execution vulnerability. Refer to the
October 2017 CPU for details on this vulnerability.");
  # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2017 Oracle Critical
Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6814");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("audit.inc");
include("ssh_func.inc");

enable_ssh_wrappers();

patch = "26974609";

installed_cmd = "bash -c 'if [ -f /opt/sun/xvmoc/bin/satadm ]; then echo 1; else echo 0; fi'";

ret = ssh_open_connection();

if(!ret) exit(0);

buf = ssh_cmd(cmd:installed_cmd);

if("1" >!< buf)
{
  ssh_close_connection();
  audit(AUDIT_NOT_INST, "Oracle Enterprise Manager Ops Center");
}

lib_ver_cmd = "unzip -q -c /opt/sun/n1gc/lib/commons-fileupload.jar META-INF/MANIFEST.MF | grep Implementation-Version";

buf = ssh_cmd(cmd:lib_ver_cmd);
ssh_close_connection();

if("Implementation-Version" >!< buf) audit(AUDIT_VER_FAIL, "commons-fileupload.jar");

version = pregmatch(pattern:"Implementation-Version:\s+([0-9.]+)", string:buf);

if(isnull(version) || isnull(version[1])) audit(AUDIT_VER_FAIL, "commons-fileupload.jar");

version = version[1];

report = 'The install of Oracle Enterprise Manager Ops Center is missing the\n';
report += 'following patch :\n\n  ' + patch + '\n\nThis was determined by';
report += ' the version of the commons-fileupload.jar library.\n\n';
report += '  Patched version : 1.3.2\n';
report += '  Installed version : ' + version + '\n';

if(ver_compare(ver:version, fix:"1.3.2") < 0)
  security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
else
  audit(AUDIT_INST_VER_NOT_VULN, "Oracle Enterprise Manager Ops Center");