Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20080731_NFS_UTILS_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : nfs-utils on SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.015

Percentile

87.2%

JSON

A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2008-1376)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60458);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-1376");

  script_name(english:"Scientific Linux Security Update : nfs-utils on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was found in the nfs-utils package build. The nfs-utils package
was missing TCP wrappers support, which could result in an
administrator believing they had access restrictions enabled when they
did not. (CVE-2008-1376)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0808&L=scientific-linux-errata&T=0&P=77
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3579ebee"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected nfs-utils package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"nfs-utils-1.0.9-35z.el5_2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 5
centos 2
openvas 5
prion 2
cvelist 2
redhat 2
nvd 2
oraclelinux 2
veracode 1
cve 2
nessus
nessus
CentOS 5 : nfs-utils (CESA-2008:0486)
2010-01-06 00:00:00
RHEL 5 : nfs-utils (RHSA-2008:0486)
2008-08-01 00:00:00
Oracle Linux 5 : nfs-utils (ELSA-2008-0486)
2013-07-12 00:00:00
centos
centos
nfs security update
2009-05-21 14:45:10
nfs security update
2008-07-31 22:00:24
openvas
openvas
RedHat Update for nfs-utils RHSA-2008:0486-01
2009-03-06 00:00:00
RedHat Security Advisory RHSA-2009:0955
2009-05-20 00:00:00
Oracle: Security Advisory (ELSA-2008-0486)
2015-10-08 00:00:00
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00
Design/Logic Flaw
2009-01-20 16:30:00
cvelist
cvelist
CVE-2008-1376
2008-08-01 14:00:00
CVE-2009-0180
2009-01-20 16:00:00
redhat
redhat
(RHSA-2008:0486) Moderate: nfs-utils security update
2008-07-31 00:00:00
(RHSA-2009:0955) Moderate: nfs-utils security and bug fix update
2009-05-18 00:00:00
nvd
nvd
CVE-2008-1376
2008-08-01 14:41:00
CVE-2009-0180
2009-01-20 16:30:00
oraclelinux
oraclelinux
nfs-utils security update
2008-07-31 00:00:00
nfs-utils security and bug fix update
2009-05-26 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:28:58
cve
cve
CVE-2008-1376
2008-08-01 14:41:00
CVE-2009-0180
2009-01-20 16:30:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.015

Percentile

87.2%

JSON
Related for SL_20080731_NFS_UTILS_ON_SL5_X.NASL
nessus5centos2openvas5prion2cvelist2redhat2nvd2oraclelinux2veracode1cve2