openSUSE 10 Security Update : gpg (gpg-2995)

2007-10-17T00:00:00
ID SUSE_GPG-2995.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

When printing a text stream with a GPG signature it was possible for an attacker to create a stream with 'unsigned text, signed text' where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't.

This is tracked by the Mitre CVE ID CVE-2007-1263.

The update introduces a new option

--allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update gpg-2995.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27248);
  script_version ("1.9");
  script_cvs_date("Date: 2018/07/19 23:54:24");

  script_cve_id("CVE-2007-1263");

  script_name(english:"openSUSE 10 Security Update : gpg (gpg-2995)");
  script_summary(english:"Check for the gpg-2995 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"When printing a text stream with a GPG signature it was possible for
an attacker to create a stream with 'unsigned text, signed text' where
both unsigned and signed text would be shown without distinction which
one was signed and which part wasn't.

This is tracked by the Mitre CVE ID CVE-2007-1263.

The update introduces a new option

--allow-multiple-messages to print out such messages in the future, by
default it only prints and handles the first one."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gpg package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"gpg-1.4.2-23.16") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"gpg-1.4.5-24.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpg");
}