Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2016-1852.NASL
HistoryDec 04, 2018 - 12:00 a.m.

RHEL 7 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1852)

2018-12-0400:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

An update for Red Hat OpenShift Enterprise 3.1 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es) :

  • A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive’s file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)

Red Hat would like to thank Insomnia Security for reporting this issue.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:1852. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119380);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/11");

  script_cve_id("CVE-2016-5418");
  script_xref(name:"RHSA", value:"2016:1852");

  script_name(english:"RHEL 7 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1852)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for Red Hat OpenShift Enterprise 3.1 is now available.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

Security Fix(es) :

* A flaw was found in the way libarchive handled hardlink archive
entries of non-zero size. Combined with flaws in libarchive's file
system sandboxing, this issue could cause an application using
libarchive to overwrite arbitrary files with arbitrary data from the
archive. (CVE-2016-5418)

Red Hat would like to thank Insomnia Security for reporting this
issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:1852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5418"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:1852";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_exists(rpm:"atomic-openshift-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-clients-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-master-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-node-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-pod-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-recycle-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-recycle-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;
  if (rpm_exists(rpm:"tuned-profiles-atomic-openshift-node-3.1", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tuned-profiles-atomic-openshift-node-3.1.1.7-1.git.0.65f396b.el7aos")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-openshift / atomic-openshift-clients / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxatomic-openshiftp-cpe:/a:redhat:enterprise_linux:atomic-openshift
redhatenterprise_linuxatomic-openshift-clientsp-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients
redhatenterprise_linuxatomic-openshift-clients-redistributablep-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable
redhatenterprise_linuxatomic-openshift-dockerregistryp-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry
redhatenterprise_linuxatomic-openshift-masterp-cpe:/a:redhat:enterprise_linux:atomic-openshift-master
redhatenterprise_linuxatomic-openshift-nodep-cpe:/a:redhat:enterprise_linux:atomic-openshift-node
redhatenterprise_linuxatomic-openshift-podp-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod
redhatenterprise_linuxatomic-openshift-recyclep-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle
redhatenterprise_linuxatomic-openshift-sdn-ovsp-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs
redhatenterprise_linuxtuned-profiles-atomic-openshift-nodep-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node
Rows per page:
1-10 of 111

Related

openvas 14
mageia 1
debiancve 1
nessus 23
veracode 2
f5 1
redhat 4
redhatcve 1
osv 1
prion 1
ubuntucve 1
debian 3
cve 1
oraclelinux 2
centos 2
ubuntu 1
cloudfoundry 1
ibm 1
amazon 1
gentoo 1
openvas
openvas
Debian: Security Advisory (DLA-657-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0318)
2022-01-28 00:00:00
F5 BIG-IP - libarchive vulnerability CVE-2016-5418
2016-12-14 00:00:00
mageia
mageia
Updated libarchive packages fix security vulnerability
2016-09-25 14:41:52
debiancve
debiancve
CVE-2016-5418
2016-09-21 14:25:00
nessus
nessus
Debian DLA-657-1 : libarchive security update
2016-10-17 00:00:00
RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)
2018-12-04 00:00:00
F5 Networks BIG-IP : libarchive vulnerability (K35246595)
2016-12-12 00:00:00
veracode
veracode
Arbitrary File Overwrite
2019-01-15 09:13:10
Arbitrary File Overwrite
2018-07-17 06:21:27
f5
f5
K35246595 : libarchive vulnerability CVE-2016-5418
2016-12-08 00:00:00
redhat
redhat
(RHSA-2016:1852) Important: Red Hat OpenShift Enterprise 3.1 security update
2016-09-12 17:25:20
(RHSA-2016:1853) Important: Red Hat OpenShift Enterprise 3.2 security update and bug fix update
2016-09-12 17:25:58
(RHSA-2016:1850) Important: libarchive security update
2016-09-12 15:10:17
redhatcve
redhatcve
CVE-2016-5418
2016-09-12 15:18:48
osv
osv
libarchive - security update
2016-10-16 00:00:00
prion
prion
Code injection
2016-09-21 14:25:00
ubuntucve
ubuntucve
CVE-2016-5418
2016-09-21 00:00:00
debian
debian
[SECURITY] [DLA 657-1] libarchive security update
2016-10-16 10:33:30
[SECURITY] [DSA 3677-1] libarchive security update
2016-09-25 09:50:39
[SECURITY] [DSA 3677-1] libarchive security update
2016-09-25 09:50:39
cve
cve
CVE-2016-5418
2016-09-21 14:25:00
oraclelinux
oraclelinux
libarchive security update
2016-09-12 00:00:00
libarchive security update
2016-09-12 00:00:00
centos
centos
libarchive security update
2016-09-15 22:26:12
bsdcpio, bsdtar, libarchive security update
2016-09-16 00:18:58
ubuntu
ubuntu
libarchive vulnerabilities
2017-03-09 00:00:00
cloudfoundry
cloudfoundry
USN-3225-1: libarchive vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libarchive affect PowerKVM
2018-06-18 01:33:29
amazon
amazon
Important: libarchive
2016-09-27 10:30:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2017-01-01 00:00:00
JSON
Related for REDHAT-RHSA-2016-1852.NASL
openvas14mageia1debiancve1nessus23veracode2f51redhat4redhatcve1osv1prion1ubuntucve1debian3cve1oraclelinux2centos2ubuntu1cloudfoundry1ibm1amazon1gentoo1