Scientific Linux Security Update : nautilus on SL7.x x86_64 (20180125)

2018-01-2500:00:00

www.tenable.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

54.7%

JSON

Security Fix(es) :

An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute arbitrary commands.
(CVE-2017-14604)

Note: This update will change the behavior of Nautilus. Nautilus will now prompt the user for confirmation when executing an untrusted .desktop file for the first time, and then add it to the trusted file list. Desktop files stored in the system directory, as specified by the XDG_DATA_DIRS environment variable, are always considered trusted and executed without prompt.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(106341);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2017-14604");

  script_name(english:"Scientific Linux Security Update : nautilus on SL7.x x86_64 (20180125)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - An untrusted .desktop file with executable permission
    set could choose its displayed name and icon, and
    execute commands without warning when opened by the
    user. An attacker could use this flaw to trick a user
    into opening a .desktop file disguised as a document,
    such as a PDF, and execute arbitrary commands.
    (CVE-2017-14604)

Note: This update will change the behavior of Nautilus. Nautilus will
now prompt the user for confirmation when executing an untrusted
.desktop file for the first time, and then add it to the trusted file
list. Desktop files stored in the system directory, as specified by
the XDG_DATA_DIRS environment variable, are always considered trusted
and executed without prompt."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=9492
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dec1e4a9"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus-extensions");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-3.22.3-4.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-debuginfo-3.22.3-4.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-devel-3.22.3-4.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-extensions-3.22.3-4.el7_4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nautilus / nautilus-debuginfo / nautilus-devel / etc");
}

VendorProductVersionCPE
fermilabscientific_linuxnautilusp-cpe:/a:fermilab:scientific_linux:nautilus
fermilabscientific_linuxnautilus-debuginfop-cpe:/a:fermilab:scientific_linux:nautilus-debuginfo
fermilabscientific_linuxnautilus-develp-cpe:/a:fermilab:scientific_linux:nautilus-devel
fermilabscientific_linuxnautilus-extensionsp-cpe:/a:fermilab:scientific_linux:nautilus-extensions
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Vendor	Product	Version	CPE
fermilab	scientific_linux	nautilus	p-cpe:/a:fermilab:scientific_linux:nautilus
fermilab	scientific_linux	nautilus-debuginfo	p-cpe:/a:fermilab:scientific_linux:nautilus-debuginfo
fermilab	scientific_linux	nautilus-devel	p-cpe:/a:fermilab:scientific_linux:nautilus-devel
fermilab	scientific_linux	nautilus-extensions	p-cpe:/a:fermilab:scientific_linux:nautilus-extensions
fermilab	scientific_linux		x-cpe:/o:fermilab:scientific_linux