#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update dhcp-5081.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75814);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-2748", "CVE-2011-2749");
script_name(english:"openSUSE Security Update : dhcp (openSUSE-SU-2011:1021-1)");
script_summary(english:"Check for the dhcp-5081 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update of dhcp fixes two Denial of Service (CVE-2011-2748,
CVE-2011-2749) vulnerabilities caused by specially crafted BOOTP
packets.
Also following bugs were fixed :
- Moved server pid files into chroot directory even chroot
is not used and create a link in /var/run, so it can
write one when started as user without chroot and avoid
stop problems when the chroot sysconfig setting changed
(bnc#712438).
- Fixed dhclient-script to not remove alias IP when it
didn't changed to not wipe out iptables connmark when
renewing the lease (bnc#700771). Thanks to James Carter
for the patch.
- Removed GPL licensed files (bind-*/contrib/dbus) from
bind.tgz to ensure, they're not used to build non-GPL
dhcp.
- Disabled log-info level messages in dhclient(6) quiet
mode to avoid excessive logging of non-critical messages
(bnc#711420)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=700771"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=711420"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=712438"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=712653"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=714004"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected dhcp packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-client-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-relay");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-relay-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
script_set_attribute(attribute:"patch_publication_date", value:"2011/08/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-client-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-client-debuginfo-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-debuginfo-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-debugsource-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-devel-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-relay-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-relay-debuginfo-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-server-4.2.1-0.9.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"dhcp-server-debuginfo-4.2.1-0.9.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation