Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20151119_XFSPROGS_ON_SL7_X.NASLHistoryDec 22, 2015 - 12:00 a.m.
Scientific Linux Security Update : xfsprogs on SL7.x x86_64 (20151119)
2015-12-2200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.027 Low
EPSS
Percentile
90.5%
It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information.
(CVE-2012-2150)
The xfsprogs packages have been upgraded to upstream version 3.2.2, which provides a number of bug fixes and enhancements over the previous version. This release also includes updates present in upstream version 3.2.3, although it omits the mkfs.xfs default disk format change (for metadata checksumming) which is present upstream.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(87579);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-2150");
script_name(english:"Scientific Linux Security Update : xfsprogs on SL7.x x86_64 (20151119)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that the xfs_metadump tool of the xfsprogs suite did
not fully adhere to the standards of obfuscation described in its man
page. In case a user with the necessary privileges used xfs_metadump
and relied on the advertised obfuscation, the generated data could
contain unexpected traces of potentially sensitive information.
(CVE-2012-2150)
The xfsprogs packages have been upgraded to upstream version 3.2.2,
which provides a number of bug fixes and enhancements over the
previous version. This release also includes updates present in
upstream version 3.2.3, although it omits the mkfs.xfs default disk
format change (for metadata checksumming) which is present upstream."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=9537
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1827b403"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xfsprogs-qa-devel");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/25");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-3.2.2-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-debuginfo-3.2.2-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-devel-3.2.2-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xfsprogs-qa-devel-3.2.2-2.el7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xfsprogs / xfsprogs-debuginfo / xfsprogs-devel / xfsprogs-qa-devel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | xfsprogs-debuginfo | p-cpe:/a:fermilab:scientific_linux:xfsprogs-debuginfo |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux | |
| fermilab | scientific_linux | xfsprogs-devel | p-cpe:/a:fermilab:scientific_linux:xfsprogs-devel |
| fermilab | scientific_linux | xfsprogs-qa-devel | p-cpe:/a:fermilab:scientific_linux:xfsprogs-qa-devel |
| fermilab | scientific_linux | xfsprogs | p-cpe:/a:fermilab:scientific_linux:xfsprogs |
Related
nessus
nessus
RHEL 7 : xfsprogs (RHSA-2015:2151)
2015-11-20 00:00:00
Oracle Linux 7 : xfsprogs (ELSA-2015-2151)
2015-11-24 00:00:00
Fedora 23 : xfsprogs-3.2.4-1.fc23 (2015-12380)
2015-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: xfsprogs-3.2.2-2.fc21
2015-08-19 08:11:27
[SECURITY] Fedora 23 Update: xfsprogs-3.2.4-1.fc23
2015-08-19 08:10:26
[SECURITY] Fedora 22 Update: xfsprogs-3.2.2-2.fc22
2015-08-12 07:02:26
ubuntucve
ubuntucve
CVE-2012-2150
2015-08-25 00:00:00
openvas
openvas
Fedora Update for xfsprogs FEDORA-2015-12406
2015-08-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:2383-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2015-0361)
2015-10-15 00:00:00
nvd
nvd
CVE-2012-2150
2015-08-25 17:59:00
cve
cve
CVE-2012-2150
2015-08-25 17:59:00
amazon
amazon
Low: xfsprogs
2015-12-14 10:00:00
oraclelinux
oraclelinux
xfsprogs security, bug fix and enhancement update
2015-11-23 00:00:00
redhat
redhat
(RHSA-2015:2151) Low: xfsprogs security, bug fix and enhancement update
2015-11-19 13:48:40
debiancve
debiancve
CVE-2012-2150
2015-08-25 17:59:00
prion
prion
Information disclosure
2015-08-25 17:59:00
cvelist
cvelist
CVE-2012-2150
2015-08-25 17:00:00
centos
centos
xfsprogs security update
2015-11-30 19:56:08
ibm
ibm
mageia
mageia
Updated xfsprogs packages fix CVE-2012-2150
2015-09-14 00:58:30
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.027 Low
EPSS
Percentile
90.5%
Related for SL_20151119_XFSPROGS_ON_SL7_X.NASL