ID OPENVAS:136141256231063130 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing an update to am-utils
announced via advisory FEDORA-2008-10755.
# OpenVAS Vulnerability Test
# $Id: fcore_2008_10755.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory FEDORA-2008-10755 (am-utils)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "ChangeLog:
* Tue Dec 2 2008 Karel Zak 5:6.1.5-8.1
- fix #450754 - Amd does not work with 2.6.25 (thanks to Philippe Troin)
- fix #435420 - CVE-2008-1078 am-utils: insecure usage of temporary files
- fix autotools stuff";
tag_solution = "Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update am-utils' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-10755";
tag_summary = "The remote host is missing an update to am-utils
announced via advisory FEDORA-2008-10755.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.63130");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)");
script_cve_id("CVE-2008-1078");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("Fedora Core 9 FEDORA-2008-10755 (am-utils)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name : "URL" , value : "https://bugzilla.redhat.com/show_bug.cgi?id=435420");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"am-utils", rpm:"am-utils~6.1.5~8.1.fc9", rls:"FC9")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"am-utils-debuginfo", rpm:"am-utils-debuginfo~6.1.5~8.1.fc9", rls:"FC9")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"pluginID": "136141256231063130", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2008_10755.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2008-10755 (am-utils)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Tue Dec 2 2008 Karel Zak 5:6.1.5-8.1\n- fix #450754 - Amd does not work with 2.6.25 (thanks to Philippe Troin)\n- fix #435420 - CVE-2008-1078 am-utils: insecure usage of temporary files\n- fix autotools stuff\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update am-utils' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-10755\";\ntag_summary = \"The remote host is missing an update to am-utils\nannounced via advisory FEDORA-2008-10755.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63130\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-1078\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2008-10755 (am-utils)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=435420\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"am-utils\", rpm:\"am-utils~6.1.5~8.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"am-utils-debuginfo\", rpm:\"am-utils-debuginfo~6.1.5~8.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "history": [], "description": "The remote host is missing an update to am-utils\nannounced via advisory FEDORA-2008-10755.", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063130", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "99178f17f1fb83e8e802dea28cc862e7"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "b0cf3b2c0e71a2b81ddb27ad11446032"}, {"key": "href", "hash": "56e417247b53daab8152b5acccdae045"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "9c5a75b7e98d39323720aad919e159d6"}, {"key": "published", "hash": "277e99683f1a757acb4eb2ef921a032a"}, {"key": "references", "hash": "a039e885eeafe6eb43c0c5a2f927623e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "0703427fe77781bec4a5edae55b2b51c"}, {"key": "title", "hash": "d965998834cd1a0943cae45ca22262cf"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 1, "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=435420"], "lastseen": "2018-04-06T11:40:45", "published": "2009-01-07T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2008-1078"], "id": "OPENVAS:136141256231063130", "hash": "4cca133c2233feaf1c2bd301fe8918a21bc990d2535729bcf28ff5e40a77552e", "modified": "2018-04-06T00:00:00", "title": "Fedora Core 9 FEDORA-2008-10755 (am-utils)", "edition": 1, "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1078"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200804-09.NASL", "FEDORA_2008-10755.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8892", "SECURITYVULNS:DOC:19622"]}, {"type": "openvas", "idList": ["OPENVAS:60809", "OPENVAS:63130"]}, {"type": "gentoo", "idList": ["GLSA-200804-09"]}], "modified": "2018-04-06T11:40:45"}, "vulnersScore": 5.0}}
{"cve": [{"lastseen": "2018-10-12T11:33:45", "bulletinFamily": "NVD", "description": "expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.", "modified": "2018-10-11T16:29:22", "published": "2008-02-28T21:44:00", "id": "CVE-2008-1078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1078", "title": "CVE-2008-1078", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:15", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200804-09\n(am-utils: Insecure temporary file creation)\n\n Tavis Ormandy discovered that, when creating temporary files, the\n 'expn' utility does not check whether the file already exists.\nImpact :\n\n A local attacker could exploit the vulnerability via a symlink attack\n to overwrite arbitrary files.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "published": "2008-04-17T00:00:00", "id": "GENTOO_GLSA-200804-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31956", "title": "GLSA-200804-09 : am-utils: Insecure temporary file creation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31956);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-1078\");\n script_xref(name:\"GLSA\", value:\"200804-09\");\n\n script_name(english:\"GLSA-200804-09 : am-utils: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-09\n(am-utils: Insecure temporary file creation)\n\n Tavis Ormandy discovered that, when creating temporary files, the\n 'expn' utility does not check whether the file already exists.\n \nImpact :\n\n A local attacker could exploit the vulnerability via a symlink attack\n to overwrite arbitrary files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All am-utils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-fs/am-utils-6.1.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:am-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-fs/am-utils\", unaffected:make_list(\"ge 6.1.5\"), vulnerable:make_list(\"lt 6.1.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"am-utils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:51", "bulletinFamily": "scanner", "description": "- Tue Dec 2 2008 Karel Zak <kzak at redhat.com>\n 5:6.1.5-8.1\n\n - fix #450754 - Amd does not work with 2.6.25 (thanks to\n Philippe Troin)\n\n - fix #435420 - CVE-2008-1078 am-utils: insecure usage\n of temporary files\n\n - fix autotools stuff\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2009-01-16T00:00:00", "id": "FEDORA_2008-10755.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35385", "title": "Fedora 9 : am-utils-6.1.5-8.1.fc9 (2008-10755)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10755.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35385);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2008-1078\");\n script_bugtraq_id(28044);\n script_xref(name:\"FEDORA\", value:\"2008-10755\");\n\n script_name(english:\"Fedora 9 : am-utils-6.1.5-8.1.fc9 (2008-10755)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 2 2008 Karel Zak <kzak at redhat.com>\n 5:6.1.5-8.1\n\n - fix #450754 - Amd does not work with 2.6.25 (thanks to\n Philippe Troin)\n\n - fix #435420 - CVE-2008-1078 am-utils: insecure usage\n of temporary files\n\n - fix autotools stuff\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435420\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018714.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42f647cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected am-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:am-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"am-utils-6.1.5-8.1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"am-utils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "description": "expn utility unsafe temporary files creation.", "modified": "2008-04-14T00:00:00", "published": "2008-04-14T00:00:00", "id": "SECURITYVULNS:VULN:8892", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8892", "title": "am-utils symbolic links security vulnerability", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200804-09\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: am-utils: Insecure temporary file creation\r\n Date: April 10, 2008\r\n Bugs: #210158\r\n ID: 200804-09\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nam-utils creates temporary files insecurely allowing local users to\r\noverwrite arbitrary files via a symlink attack.\r\n\r\nBackground\r\n==========\r\n\r\nam-utils is a collection of utilities for use with the Berkeley\r\nAutomounter.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-fs/am-utils < 6.1.5 >= 6.1.5\r\n\r\nDescription\r\n===========\r\n\r\nTavis Ormandy discovered that, when creating temporary files, the\r\n'expn' utility does not check whether the file already exists.\r\n\r\nImpact\r\n======\r\n\r\nA local attacker could exploit the vulnerability via a symlink attack\r\nto overwrite arbitrary files.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll am-utils users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-fs/am-utils-6.1.5"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-1078\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1078\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200804-09.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.7 (GNU/Linux)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFH/nY/uhJ+ozIKI5gRArfpAKCZ53ZEUZJA6a3qPX0Dlnn6SQyNKwCdHtj0\r\nf1YXGG/CnRhI5f5WtWEIjlo=\r\n=1SAy\r\n-----END PGP SIGNATURE-----", "modified": "2008-04-14T00:00:00", "published": "2008-04-14T00:00:00", "id": "SECURITYVULNS:DOC:19622", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19622", "title": "[ GLSA 200804-09 ] am-utils: Insecure temporary file creation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:50", "bulletinFamily": "unix", "description": "### Background\n\nam-utils is a collection of utilities for use with the Berkeley Automounter. \n\n### Description\n\nTavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists. \n\n### Impact\n\nA local attacker could exploit the vulnerability via a symlink attack to overwrite arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll am-utils users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-fs/am-utils-6.1.5\"", "modified": "2008-04-10T00:00:00", "published": "2008-04-10T00:00:00", "id": "GLSA-200804-09", "href": "https://security.gentoo.org/glsa/200804-09", "type": "gentoo", "title": "am-utils: Insecure temporary file creation", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-09.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60809", "id": "OPENVAS:60809", "title": "Gentoo Security Advisory GLSA 200804-09 (am-utils)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"am-utils creates temporary files insecurely allowing local users to\noverwrite arbitrary files via a symlink attack.\";\ntag_solution = \"All am-utils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-fs/am-utils-6.1.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=210158\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-09.\";\n\n \n\nif(description)\n{\n script_id(60809);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1078\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200804-09 (am-utils)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-fs/am-utils\", unaffected: make_list(\"ge 6.1.5\"), vulnerable: make_list(\"lt 6.1.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to am-utils\nannounced via advisory FEDORA-2008-10755.", "modified": "2017-07-10T00:00:00", "published": "2009-01-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63130", "id": "OPENVAS:63130", "title": "Fedora Core 9 FEDORA-2008-10755 (am-utils)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2008_10755.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2008-10755 (am-utils)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Tue Dec 2 2008 Karel Zak 5:6.1.5-8.1\n- fix #450754 - Amd does not work with 2.6.25 (thanks to Philippe Troin)\n- fix #435420 - CVE-2008-1078 am-utils: insecure usage of temporary files\n- fix autotools stuff\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update am-utils' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-10755\";\ntag_summary = \"The remote host is missing an update to am-utils\nannounced via advisory FEDORA-2008-10755.\";\n\n\n\nif(description)\n{\n script_id(63130);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-1078\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2008-10755 (am-utils)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=435420\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"am-utils\", rpm:\"am-utils~6.1.5~8.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"am-utils-debuginfo\", rpm:\"am-utils-debuginfo~6.1.5~8.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}