Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20180306)

2018-03-0800:00:00

www.tenable.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.008 Low

EPSS

Percentile

81.3%

JSON

Security Fix(es) :

389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)
389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)

Bug Fix(es) :

Previously, if an administrator configured an index for an attribute with a specific matching rule in the ‘nsMatchingRule’ parameter, Directory Server did not use the retrieved indexer. As a consequence, Directory Server did not index the values of this attribute with the specified matching rules, and searches with extended filters were unindexed. With this update, Directory Server uses the retrieved indexer that processes the specified matching rule. As a result, searches using extended filters with a specified matching rule are now indexed.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(107209);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2017-15135", "CVE-2018-1054");

  script_name(english:"Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20180306)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - 389-ds-base: remote Denial of Service (DoS) via search
    filters in SetUnicodeStringFromUTF_8 in collate.c
    (CVE-2018-1054)

  - 389-ds-base: Authentication bypass due to lack of size
    check in slapi_ct_memcmp function in ch_malloc.c
    (CVE-2017-15135)

Bug Fix(es) :

  - Previously, if an administrator configured an index for
    an attribute with a specific matching rule in the
    'nsMatchingRule' parameter, Directory Server did not use
    the retrieved indexer. As a consequence, Directory
    Server did not index the values of this attribute with
    the specified matching rules, and searches with extended
    filters were unindexed. With this update, Directory
    Server uses the retrieved indexer that processes the
    specified matching rule. As a result, searches using
    extended filters with a specified matching rule are now
    indexed."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1803&L=scientific-linux-errata&F=&S=&P=76
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1f847d85"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:389-ds-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:389-ds-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:389-ds-base-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:389-ds-base-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:389-ds-base-snmp");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"389-ds-base-1.3.6.1-28.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"389-ds-base-debuginfo-1.3.6.1-28.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"389-ds-base-devel-1.3.6.1-28.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"389-ds-base-libs-1.3.6.1-28.el7_4")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"389-ds-base-snmp-1.3.6.1-28.el7_4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "389-ds-base / 389-ds-base-debuginfo / 389-ds-base-devel / etc");
}

VendorProductVersionCPE
fermilabscientific_linux389-ds-basep-cpe:/a:fermilab:scientific_linux:389-ds-base
fermilabscientific_linux389-ds-base-debuginfop-cpe:/a:fermilab:scientific_linux:389-ds-base-debuginfo
fermilabscientific_linux389-ds-base-develp-cpe:/a:fermilab:scientific_linux:389-ds-base-devel
fermilabscientific_linux389-ds-base-libsp-cpe:/a:fermilab:scientific_linux:389-ds-base-libs
fermilabscientific_linux389-ds-base-snmpp-cpe:/a:fermilab:scientific_linux:389-ds-base-snmp
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Vendor	Product	Version	CPE
fermilab	scientific_linux	389-ds-base	p-cpe:/a:fermilab:scientific_linux:389-ds-base
fermilab	scientific_linux	389-ds-base-debuginfo	p-cpe:/a:fermilab:scientific_linux:389-ds-base-debuginfo
fermilab	scientific_linux	389-ds-base-devel	p-cpe:/a:fermilab:scientific_linux:389-ds-base-devel
fermilab	scientific_linux	389-ds-base-libs	p-cpe:/a:fermilab:scientific_linux:389-ds-base-libs
fermilab	scientific_linux	389-ds-base-snmp	p-cpe:/a:fermilab:scientific_linux:389-ds-base-snmp
fermilab	scientific_linux		x-cpe:/o:fermilab:scientific_linux