Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-770.NASL
HistoryOct 19, 2005 - 12:00 a.m.

RHEL 2.1 : libuser (RHSA-2005:770)

2005-10-1900:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Updated libuser packages that fix various security issues are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications that are modeled after applications from the shadow password suite are included in the package.

Several denial of service bugs were discovered in libuser. Under certain conditions it is possible for an application linked against libuser to crash or operate irregularly. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2392 to these issues.

All users of libuser are advised to upgrade to these updated packages, which contain a backported fix and are not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:770. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20047);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-2392");
  script_xref(name:"RHSA", value:"2005:770");

  script_name(english:"RHEL 2.1 : libuser (RHSA-2005:770)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated libuser packages that fix various security issues are now
available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The libuser library implements a standardized interface for
manipulating and administering user and group accounts. The library
uses pluggable back-ends to interface to its data sources. Sample
applications that are modeled after applications from the shadow
password suite are included in the package.

Several denial of service bugs were discovered in libuser. Under
certain conditions it is possible for an application linked against
libuser to crash or operate irregularly. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-2392 to these issues.

All users of libuser are advised to upgrade to these updated packages,
which contain a backported fix and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-2392"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:770"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libuser and / or libuser-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuser-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:770";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libuser-0.32-1.el2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libuser-devel-0.32-1.el2.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libuser / libuser-devel");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxlibuserp-cpe:/a:redhat:enterprise_linux:libuser
redhatenterprise_linuxlibuser-develp-cpe:/a:redhat:enterprise_linux:libuser-devel
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

centos 1
cve 1
redhat 1
cvelist 1
nessus 1
nvd 1
centos
centos
libuser security update
2005-10-12 00:30:45
cve
cve
CVE-2004-2392
2005-08-17 04:00:00
redhat
redhat
(RHSA-2005:770) libuser security update
2005-10-11 00:00:00
cvelist
cvelist
CVE-2004-2392
2005-08-17 04:00:00
nessus
nessus
Mandrake Linux Security Advisory : libuser (MDKSA-2004:044)
2004-07-31 00:00:00
nvd
nvd
CVE-2004-2392
2004-12-31 05:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON
Related for REDHAT-RHSA-2005-770.NASL
centos1cve1redhat1cvelist1nessus1nvd1