Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)

🗓️ 31 Jul 2013 00:00:00Reported by TenableType

Scientific Linux Security Update: sos on SL5.x (CVE-2012-2664) The sosreport utility did not remove the root user's password from Kickstart configuration fil

Reporter	Title	Published	Views	Family All 37
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality of protected information.	28 Apr 201500:00	–	bdu_fstec
Tenable Nessus	CentOS 6 : sos (CESA-2012:0958)	11 Jul 201200:00	–	nessus
Tenable Nessus	CentOS 5 : sos (CESA-2013:1121)	31 Jul 201300:00	–	nessus
Tenable Nessus	MiracleLinux 4 : sos-2.2-29.0.1.AXS4 (AXSA:2012-573:02)	14 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 3 : sos-1.7-9.62.1.0.1.AXS3 (AXSA:2013-582:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 6 : sos (ELSA-2012-0958)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 5 : sos (ELSA-2013-1121)	31 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 6 : sos (RHSA-2012:0958)	20 Jun 201200:00	–	nessus
Tenable Nessus	RHEL 5 : sos (RHSA-2013:1121)	31 Jul 201300:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69167);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-2664");

  script_name(english:"Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The sosreport utility collected the Kickstart configuration file
('/root /anaconda-ks.cfg'), but did not remove the root user's
password from it before adding the file to the resulting archive of
debugging information. An attacker able to access the archive could
possibly use this flaw to obtain the root user's password.
'/root/anaconda-ks.cfg' usually only contains a hash of the password,
not the plain text password. (CVE-2012-2664)

Note: This issue affected all installations, not only systems
installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by
all installation types.

The utility also collects yum repository information from
'/etc/yum.repos.d' which in uncommon configurations may contain
passwords. Any http_proxy password specified in these files will now
be automatically removed. Passwords embedded within URLs in these
files should be manually removed or the files excluded from the
archive."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1307&L=scientific-linux-errata&T=0&P=2699
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4b575d82"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected sos package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sos");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"sos-1.7-9.62.el5_9.1")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sos");
}

14 Jan 2021 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 24.3

EPSS0.00438