Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20141014_TROUSERS_ON_SL6_X.NASL
HistoryOct 23, 2014 - 12:00 a.m.

Scientific Linux Security Update : trousers on SL6.x i386/x86_64 (20141014)

2014-10-2300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a specially crafted TCP packet that, when processed by tcsd, could cause the daemon to crash. Note that by default tcsd accepts requests on localhost only. (CVE-2012-0698)

The trousers package has been upgraded to upstream version 0.3.13, which provides a number of bug fixes and enhancements over the previous version, including corrected internal symbol names to avoid collisions with other applications, fixed memory leaks, added IPv6 support, fixed buffer handling in tcsd, as well as changed the license to BSD.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78642);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-0698");

  script_name(english:"Scientific Linux Security Update : trousers on SL6.x i386/x86_64 (20141014)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was found in the way tcsd, the daemon that manages Trusted
Computing resources, processed incoming TCP packets. A remote attacker
could send a specially crafted TCP packet that, when processed by
tcsd, could cause the daemon to crash. Note that by default tcsd
accepts requests on localhost only. (CVE-2012-0698)

The trousers package has been upgraded to upstream version 0.3.13,
which provides a number of bug fixes and enhancements over the
previous version, including corrected internal symbol names to avoid
collisions with other applications, fixed memory leaks, added IPv6
support, fixed buffer handling in tcsd, as well as changed the license
to BSD."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1410&L=scientific-linux-errata&T=0&P=1572
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e905372b"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:trousers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:trousers-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:trousers-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:trousers-static");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"trousers-0.3.13-2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"trousers-debuginfo-0.3.13-2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"trousers-devel-0.3.13-2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"trousers-static-0.3.13-2.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "trousers / trousers-debuginfo / trousers-devel / trousers-static");
}
VendorProductVersionCPE
fermilabscientific_linuxtrousersp-cpe:/a:fermilab:scientific_linux:trousers
fermilabscientific_linuxtrousers-debuginfop-cpe:/a:fermilab:scientific_linux:trousers-debuginfo
fermilabscientific_linuxtrousers-develp-cpe:/a:fermilab:scientific_linux:trousers-devel
fermilabscientific_linuxtrousers-staticp-cpe:/a:fermilab:scientific_linux:trousers-static
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 6
securityvulns 2
redhat 1
openvas 6
debiancve 1
packetstorm 1
oraclelinux 1
cve 1
centos 1
debian 1
ubuntucve 1
prion 1
fedora 1
veracode 1
nessus
nessus
Fedora 17 : trousers-0.3.9-1.fc17 (2012-12973)
2012-09-10 00:00:00
CentOS 6 : trousers (CESA-2014:1507)
2014-11-12 00:00:00
Oracle Linux 6 : trousers (ELSA-2014-1507)
2014-10-17 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2576-1] trousers security update
2012-11-26 00:00:00
trousers DoS
2012-11-26 00:00:00
redhat
redhat
(RHSA-2014:1507) Low: trousers security, bug fix, and enhancement update
2014-10-14 00:00:00
openvas
openvas
Fedora Update for trousers FEDORA-2012-12973
2012-09-11 00:00:00
Oracle: Security Advisory (ELSA-2014-1507)
2015-10-06 00:00:00
RedHat Update for trousers RHSA-2014:1507-02
2014-10-15 00:00:00
debiancve
debiancve
CVE-2012-0698
2012-11-26 12:45:00
packetstorm
packetstorm
TrouSerS Denial Of Service
2012-11-23 00:00:00
oraclelinux
oraclelinux
trousers security, bug fix, and enhancement update
2014-10-15 00:00:00
cve
cve
CVE-2012-0698
2012-11-26 12:45:00
centos
centos
trousers security update
2014-10-20 18:11:03
debian
debian
[SECURITY] [DSA 2576-1] trousers security update
2012-11-23 06:27:58
ubuntucve
ubuntucve
CVE-2012-0698
2012-11-26 00:00:00
prion
prion
Code injection
2012-11-26 12:45:00
fedora
fedora
[SECURITY] Fedora 17 Update: trousers-0.3.9-1.fc17
2012-09-07 11:26:47
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:02:21
JSON
Related for SL_20141014_TROUSERS_ON_SL6_X.NASL
nessus6securityvulns2redhat1openvas6debiancve1packetstorm1oraclelinux1cve1centos1debian1ubuntucve1prion1fedora1veracode1