Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-495.NASL
HistoryJun 13, 2005 - 12:00 a.m.

RHEL 2.1 : rsh (RHSA-2005:495)

2005-06-1300:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Updated rsh packages that fix a theoretical security issue are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team

The rsh package contains a set of programs that allow users to run commands on remote machines, login to other machines, and copy files between machines, using the rsh, rlogin, and rcp commands. All three of these commands use rhosts-style authentication.

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses rcp to copy files from a malicious server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0175 to this issue.

All users of rsh should upgrade to these updated packages, which resolve these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:495. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(18472);
  script_version("1.25");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0175");
  script_xref(name:"RHSA", value:"2005:495");

  script_name(english:"RHEL 2.1 : rsh (RHSA-2005:495)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated rsh packages that fix a theoretical security issue are now
available.

This update has been rated as having low security impact by the Red
Hat Security Response Team

The rsh package contains a set of programs that allow users to run
commands on remote machines, login to other machines, and copy files
between machines, using the rsh, rlogin, and rcp commands. All three
of these commands use rhosts-style authentication.

The rcp protocol allows a server to instruct a client to write to
arbitrary files outside of the current directory. This could
potentially cause a security issue if a user uses rcp to copy files
from a malicious server. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0175 to this
issue.

All users of rsh should upgrade to these updated packages, which
resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:495"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected rsh and / or rsh-server packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsh-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:495";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"rsh-0.17-18.AS21.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"rsh-server-0.17-18.AS21.4")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsh / rsh-server");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxrshp-cpe:/a:redhat:enterprise_linux:rsh
redhatenterprise_linuxrsh-serverp-cpe:/a:redhat:enterprise_linux:rsh-server
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

redhat 7
nessus 19
centos 8
openvas 3
cve 1
debiancve 1
suse 1
redhat
redhat
(RHSA-2005:495) rsh security update
2005-06-13 00:00:00
(RHSA-2005:481) openssh security update
2005-06-02 00:00:00
(RHSA-2005:106) openssh security update
2005-05-18 00:00:00
nessus
nessus
OpenSSH < 3.4p1 scp Traversal Arbitrary File Overwrite
2011-11-18 00:00:00
Mandrake Linux Security Advisory : rsh (MDKSA-2005:100)
2005-06-16 00:00:00
CentOS 3 : rsh (CESA-2005:074)
2006-07-03 00:00:00
centos
centos
rsh security update
2005-05-18 17:58:16
openssh security update
2005-05-18 18:00:09
openssh security update
2005-06-05 22:53:04
openvas
openvas
OpenSSH < 3.4p1 Path Traversal Vulnerability
2021-05-27 00:00:00
Mandriva Update for rsh MDVSA-2008:191 (rsh)
2009-04-09 00:00:00
Mandriva Update for rsh MDVSA-2008:191 (rsh)
2009-04-09 00:00:00
cve
cve
CVE-2004-0175
2004-08-18 04:00:00
debiancve
debiancve
CVE-2004-0175
2004-08-18 04:00:00
suse
suse
local privilege escalation in Linux Kernel
2004-04-14 15:46:44
JSON
Related for REDHAT-RHSA-2005-495.NASL
redhat7nessus19centos8openvas3cve1debiancve1suse1