5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.027 Low
EPSS
Percentile
90.5%
It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information.
(CVE-2012-2150)
The xfsprogs packages have been upgraded to upstream version 3.2.2, which provides a number of bug fixes and enhancements over the previous version. This release also includes updates present in upstream version 3.2.3, although it omits the mkfs.xfs default disk format change (for metadata checksumming) which is present upstream.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(87579);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-2150");
script_name(english:"Scientific Linux Security Update : xfsprogs on SL7.x x86_64 (20151119)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that the xfs_metadump tool of the xfsprogs suite did
not fully adhere to the standards of obfuscation described in its man
page. In case a user with the necessary privileges used xfs_metadump
and relied on the advertised obfuscation, the generated data could
contain unexpected traces of potentially sensitive information.
(CVE-2012-2150)
The xfsprogs packages have been upgraded to upstream version 3.2.2,
which provides a number of bug fixes and enhancements over the
previous version. This release also includes updates present in
upstream version 3.2.3, although it omits the mkfs.xfs default disk
format change (for metadata checksumming) which is present upstream."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=9537
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1827b403"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs-qa-devel");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/25");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-3.2.2-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-debuginfo-3.2.2-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-devel-3.2.2-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-qa-devel-3.2.2-2.el7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xfsprogs / xfsprogs-debuginfo / xfsprogs-devel / xfsprogs-qa-devel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fermilab | scientific_linux | xfsprogs-debuginfo | p-cpe:/a:fermilab:scientific_linux:xfsprogs-debuginfo |
fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux | |
fermilab | scientific_linux | xfsprogs-devel | p-cpe:/a:fermilab:scientific_linux:xfsprogs-devel |
fermilab | scientific_linux | xfsprogs-qa-devel | p-cpe:/a:fermilab:scientific_linux:xfsprogs-qa-devel |
fermilab | scientific_linux | xfsprogs | p-cpe:/a:fermilab:scientific_linux:xfsprogs |