{"id": "OPENVAS:1361412562310704169", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 4169-1 (pcs - security update)", "description": "C\u00e9dric Buissart from Red Hat discovered an information disclosure bug in pcs, a\npacemaker command line interface and GUI. The REST interface normally doesn", "published": "2018-04-11T00:00:00", "modified": "2019-07-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704169", "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "references": ["https://www.debian.org/security/2018/dsa-4169.html", "https://security-tracker.debian.org/tracker/pcs"], "cvelist": ["CVE-2018-1086"], "lastseen": "2019-07-04T18:55:46", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-1086"]}, {"type": "centos", "idList": ["CESA-2018:1927", "CESA-2018:1060"]}, {"type": "redhat", "idList": ["RHSA-2018:1927", "RHSA-2018:1060"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4169-1:6B65E", "DEBIAN:DSA-4339-1:24369"]}, {"type": "nessus", "idList": ["FEDORA_2018-CE5D7106D8.NASL", "DEBIAN_DSA-4169.NASL", "FEDORA_2018-57BBE74C6C.NASL", "CENTOS_RHSA-2018-1060.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_PCS.NASL", "FEDORA_2018-BBFB0F5BC9.NASL", "ORACLELINUX_ELSA-2018-1060.NASL", "CENTOS_RHSA-2018-1927.NASL", "REDHAT-RHSA-2018-1927.NASL", "SL_20180619_PCS_ON_SL6_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874371", "OPENVAS:1361412562310874369", "OPENVAS:1361412562310882895"]}, {"type": "fedora", "idList": ["FEDORA:07BC1604A72B", "FEDORA:3B896601B8F0", "FEDORA:6A24460567EF"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-1060"]}, {"type": "amazon", "idList": ["ALAS2-2018-1005"]}], "modified": "2019-07-04T18:55:46", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2019-07-04T18:55:46", "rev": 2}, "vulnersScore": 4.9}, "pluginID": "1361412562310704169", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4169-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704169\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1086\");\n script_name(\"Debian Security Advisory DSA 4169-1 (pcs - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 00:00:00 +0200 (Wed, 11 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4169.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"pcs on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 0.9.155+dfsg-2+deb9u1.\n\nWe recommend that you upgrade your pcs packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/pcs\");\n script_tag(name:\"summary\", value:\"C\u00e9dric Buissart from Red Hat discovered an information disclosure bug in pcs, a\npacemaker command line interface and GUI. The REST interface normally doesn't\nallow passing --debug parameter to prevent information leak, but the check\nwasn't sufficient.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"pcs\", ver:\"0.9.155+dfsg-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}

{"cve": [{"lastseen": "2021-02-02T06:52:24", "description": "pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-12T16:29:00", "title": "CVE-2018-1086", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1086"], "modified": "2019-10-09T23:38:00", "cpe": ["cpe:/a:clusterlabs:pacemaker_command_line_interface:0.9.164", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/a:clusterlabs:pacemaker_command_line_interface:0.10", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-1086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.9.164:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1086"], "description": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Cedric Buissart (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.", "modified": "2018-06-19T07:58:12", "published": "2018-06-19T06:12:38", "id": "RHSA-2018:1927", "href": "https://access.redhat.com/errata/RHSA-2018:1927", "type": "redhat", "title": "(RHSA-2018:1927) Moderate: pcs security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000119", "CVE-2018-1079", "CVE-2018-1086"], "description": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)\n\n* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)\n\n* rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThe CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).", "modified": "2018-04-10T12:17:03", "published": "2018-04-10T12:05:05", "id": "RHSA-2018:1060", "href": "https://access.redhat.com/errata/RHSA-2018:1060", "type": "redhat", "title": "(RHSA-2018:1060) Important: pcs security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:26:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1086"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1927\n\n\nThe pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Cedric Buissart (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-June/005287.html\n\n**Affected packages:**\npcs\n\n**Upstream details at:**\n", "edition": 3, "modified": "2018-06-21T11:55:57", "published": "2018-06-21T11:55:57", "id": "CESA-2018:1927", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-June/005287.html", "title": "pcs security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-08T03:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1079", "CVE-2018-1086", "CVE-2018-1000119"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1060\n\n\nThe pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)\n\n* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)\n\n* rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThe CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/034931.html\n\n**Affected packages:**\npcs\npcs-snmp\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-05-30T18:24:25", "published": "2018-05-30T18:24:25", "id": "CESA-2018:1060", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/034931.html", "title": "pcs security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1086"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4169-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nApril 11, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pcs\nCVE ID : CVE-2018-1086\nDebian Bug : 895313\n\nC\u00c3\u00a9dric Buissart from Red Hat discovered an information disclosure bug in pcs, a\npacemaker command line interface and GUI. The REST interface normally doesn&#x27;t\nallow passing --debug parameter to prevent information leak, but the check\nwasn&#x27;t sufficient.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.9.155+dfsg-2+deb9u1.\n\nWe recommend that you upgrade your pcs packages.\n\nFor the detailed security status of pcs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pcs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2018-04-11T08:36:37", "published": "2018-04-11T08:36:37", "id": "DEBIAN:DSA-4169-1:6B65E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00096.html", "title": "[SECURITY] [DSA 4169-1] pcs security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-08-12T01:10:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7519", "CVE-2018-1086", "CVE-2018-1129", "CVE-2018-1128"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4339-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 13, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ceph\nCVE ID : CVE-2017-7519 CVE-2018-1086 CVE-2018-1128 CVE-2018-1129\n\nMultiple vulnerabilities were discovered in Ceph, a distributed storage\nand file system: The cephx authentication protocol was suspectible to\nreplay attacks and calculated signatures incorrectly, &quot;ceph mon&quot; did not\nvalidate capabilities for pool operations (resulting in potential\ncorruption or deletion of snapshot images) and a format string\nvulnerability in libradosstriper could result in denial of service.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.2.11-1.\n\nWe recommend that you upgrade your ceph packages.\n\nFor the detailed security status of ceph please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/ceph\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-11-13T21:49:08", "published": "2018-11-13T21:49:08", "id": "DEBIAN:DSA-4339-1:24369", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00271.html", "title": "[SECURITY] [DSA 4339-1] ceph security update", "type": "debian", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-01T01:35:58", "description": "An update for pcs is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es) :\n\n* pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Cedric Buissart (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10\nTechnical Notes linked from the References section.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-06-22T00:00:00", "title": "CentOS 6 : pcs (CESA-2018:1927)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1086"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:pcs", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2018-1927.NASL", "href": "https://www.tenable.com/plugins/nessus/110650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1927 and \n# CentOS Errata and Security Advisory 2018:1927 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110650);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-1086\");\n script_xref(name:\"RHSA\", value:\"2018:1927\");\n\n script_name(english:\"CentOS 6 : pcs (CESA-2018:1927)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for pcs is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es) :\n\n* pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Cedric Buissart (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10\nTechnical Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-June/005287.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d9f14db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pcs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1086\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"pcs-0.9.155-3.el6.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-01T05:44:37", "description": "An update for pcs is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es) :\n\n* pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Cedric Buissart (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10\nTechnical Notes linked from the References section.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-06-19T00:00:00", "title": "RHEL 6 : pcs (RHSA-2018:1927)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1086"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pcs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pcs", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1927.NASL", "href": "https://www.tenable.com/plugins/nessus/110605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1927. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110605);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-1086\");\n script_xref(name:\"RHSA\", value:\"2018:1927\");\n\n script_name(english:\"RHEL 6 : pcs (RHSA-2018:1927)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for pcs is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es) :\n\n* pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Cedric Buissart (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10\nTechnical Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d2572ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pcs and / or pcs-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1927\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"pcs-0.9.155-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"pcs-0.9.155-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"pcs-debuginfo-0.9.155-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"pcs-debuginfo-0.9.155-3.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs / pcs-debuginfo\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-18T02:48:38", "description": "Security Fix(es) :\n\n - pcs: Debug parameter removal bypass, allowing\n information disclosure (CVE-2018-1086)", "edition": 13, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-07-03T00:00:00", "title": "Scientific Linux Security Update : pcs on SL6.x i386/x86_64 (20180619)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1086"], "modified": "2018-07-03T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:pcs", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:pcs-debuginfo"], "id": "SL_20180619_PCS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/110889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110889);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-1086\");\n\n script_name(english:\"Scientific Linux Security Update : pcs on SL6.x i386/x86_64 (20180619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - pcs: Debug parameter removal bypass, allowing\n information disclosure (CVE-2018-1086)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c61984c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pcs and / or pcs-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pcs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"pcs-0.9.155-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pcs-debuginfo-0.9.155-3.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs / pcs-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T12:03:54", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has pcs packages installed that are affected by a\nvulnerability:\n\n - It was found that the REST interface of the pcsd service\n did not properly remove the pcs debug argument from the\n /run_pcs query, possibly disclosing sensitive\n information. A remote attacker with a valid token could\n use this flaw to elevate their privilege.\n (CVE-2018-1086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : pcs Vulnerability (NS-SA-2019-0143)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1086"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0143_PCS.NASL", "href": "https://www.tenable.com/plugins/nessus/127409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0143. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127409);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-1086\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : pcs Vulnerability (NS-SA-2019-0143)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has pcs packages installed that are affected by a\nvulnerability:\n\n - It was found that the REST interface of the pcsd service\n did not properly remove the pcs debug argument from the\n /run_pcs query, possibly disclosing sensitive\n information. A remote attacker with a valid token could\n use this flaw to elevate their privilege.\n (CVE-2018-1086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0143\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL pcs packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1086\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"pcs-0.9.155-3.el6.centos\",\n \"pcs-debuginfo-0.9.155-3.el6.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-01T01:56:24", "description": "Cedric Buissart from Red Hat discovered an information disclosure bug\nin pcs, a pacemaker command line interface and GUI. The REST interface\nnormally doesn't allow passing --debug parameter to prevent\ninformation leak, but the check wasn't sufficient.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-04-12T00:00:00", "title": "Debian DSA-4169-1 : pcs - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1086"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pcs", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4169.NASL", "href": "https://www.tenable.com/plugins/nessus/109003", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4169. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109003);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/03/21 10:55:56\");\n\n script_cve_id(\"CVE-2018-1086\");\n script_xref(name:\"DSA\", value:\"4169\");\n\n script_name(english:\"Debian DSA-4169-1 : pcs - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Cedric Buissart from Red Hat discovered an information disclosure bug\nin pcs, a pacemaker command line interface and GUI. The REST interface\nnormally doesn't allow passing --debug parameter to prevent\ninformation leak, but the check wasn't sufficient.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/pcs\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/pcs\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pcs packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.9.155+dfsg-2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"pcs\", reference:\"0.9.155+dfsg-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:21:03", "description": "Security fix for CVE-2018-1086 and CVE-2018-1079\n\nRebased to latest upstream sources\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : pcs (2018-bbfb0f5bc9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pcs", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-BBFB0F5BC9.NASL", "href": "https://www.tenable.com/plugins/nessus/120745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-bbfb0f5bc9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120745);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1079\", \"CVE-2018-1086\");\n script_xref(name:\"FEDORA\", value:\"2018-bbfb0f5bc9\");\n\n script_name(english:\"Fedora 28 : pcs (2018-bbfb0f5bc9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-1086 and CVE-2018-1079\n\nRebased to latest upstream sources\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bbfb0f5bc9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pcs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"pcs-0.9.164-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:18:23", "description": "Security fix for CVE-2018-1086 and CVE-2018-1079\n\nRebased to latest upstream sources\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-04-19T00:00:00", "title": "Fedora 27 : pcs (2018-57bbe74c6c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "modified": "2018-04-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:pcs"], "id": "FEDORA_2018-57BBE74C6C.NASL", "href": "https://www.tenable.com/plugins/nessus/109150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-57bbe74c6c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109150);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1079\", \"CVE-2018-1086\");\n script_xref(name:\"FEDORA\", value:\"2018-57bbe74c6c\");\n\n script_name(english:\"Fedora 27 : pcs (2018-57bbe74c6c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-1086 and CVE-2018-1079\n\nRebased to latest upstream sources\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-57bbe74c6c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pcs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"pcs-0.9.164-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:21:41", "description": "Security fix for CVE-2018-1086 and CVE-2018-1079\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-04-19T00:00:00", "title": "Fedora 26 : pcs (2018-ce5d7106d8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "modified": "2018-04-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pcs", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-CE5D7106D8.NASL", "href": "https://www.tenable.com/plugins/nessus/109152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-ce5d7106d8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109152);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1079\", \"CVE-2018-1086\");\n script_xref(name:\"FEDORA\", value:\"2018-ce5d7106d8\");\n\n script_name(english:\"Fedora 26 : pcs (2018-ce5d7106d8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-1086 and CVE-2018-1079\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ce5d7106d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pcs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"pcs-0.9.160-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-18T02:48:28", "description": "Security Fix(es) :\n\n - pcs: Privilege escalation via authorized user malicious\n REST call (CVE-2018-1079)\n\n - pcs: Debug parameter removal bypass, allowing\n information disclosure (CVE-2018-1086)\n\n - rack-protection: Timing attack in authenticity_token.rb\n (CVE-2018-1000119)", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-05-01T00:00:00", "title": "Scientific Linux Security Update : pcs on SL7.x x86_64 (20180410)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086", "CVE-2018-1000119"], "modified": "2018-05-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:pcs-snmp", "p-cpe:/a:fermilab:scientific_linux:pcs", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:pcs-debuginfo"], "id": "SL_20180410_PCS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/109456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109456);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-1000119\", \"CVE-2018-1079\", \"CVE-2018-1086\");\n\n script_name(english:\"Scientific Linux Security Update : pcs on SL7.x x86_64 (20180410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - pcs: Privilege escalation via authorized user malicious\n REST call (CVE-2018-1079)\n\n - pcs: Debug parameter removal bypass, allowing\n information disclosure (CVE-2018-1086)\n\n - rack-protection: Timing attack in authenticity_token.rb\n (CVE-2018-1000119)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1804&L=scientific-linux-errata&F=&S=&P=4049\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78b26423\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pcs, pcs-debuginfo and / or pcs-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pcs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pcs-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pcs-0.9.162-5.sl7_5.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pcs-debuginfo-0.9.162-5.sl7_5.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pcs-snmp-0.9.162-5.sl7_5.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs / pcs-debuginfo / pcs-snmp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-01T05:42:59", "description": "An update for pcs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es) :\n\n* pcs: Privilege escalation via authorized user malicious REST call\n(CVE-2018-1079)\n\n* pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\n* rack-protection: Timing attack in authenticity_token.rb\n(CVE-2018-1000119)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThe CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and\nthe CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-04-11T00:00:00", "title": "RHEL 7 : pcs (RHSA-2018:1060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086", "CVE-2018-1000119"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:pcs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pcs", "p-cpe:/a:redhat:enterprise_linux:pcs-snmp"], "id": "REDHAT-RHSA-2018-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/108996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1060. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108996);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-1000119\", \"CVE-2018-1079\", \"CVE-2018-1086\");\n script_xref(name:\"RHSA\", value:\"2018:1060\");\n\n script_name(english:\"RHEL 7 : pcs (RHSA-2018:1060)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for pcs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es) :\n\n* pcs: Privilege escalation via authorized user malicious REST call\n(CVE-2018-1079)\n\n* pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\n* rack-protection: Timing attack in authenticity_token.rb\n(CVE-2018-1000119)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThe CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and\nthe CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1000119\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pcs, pcs-debuginfo and / or pcs-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1060\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pcs-0.9.162-5.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pcs-0.9.162-5.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pcs-debuginfo-0.9.162-5.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pcs-debuginfo-0.9.162-5.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pcs-snmp-0.9.162-5.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pcs-snmp-0.9.162-5.el7_5.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcs / pcs-debuginfo / pcs-snmp\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-19T00:00:00", "id": "OPENVAS:1361412562310874371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874371", "type": "openvas", "title": "Fedora Update for pcs FEDORA-2018-ce5d7106d8", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ce5d7106d8_pcs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pcs FEDORA-2018-ce5d7106d8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874371\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-19 08:55:19 +0200 (Thu, 19 Apr 2018)\");\n script_cve_id(\"CVE-2018-1086\", \"CVE-2018-1079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pcs FEDORA-2018-ce5d7106d8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pcs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pcs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ce5d7106d8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFF6CJ3YITT3ADBIXXVVETFHH4IYTWF6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pcs\", rpm:\"pcs~0.9.160~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-19T00:00:00", "id": "OPENVAS:1361412562310874369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874369", "type": "openvas", "title": "Fedora Update for pcs FEDORA-2018-57bbe74c6c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_57bbe74c6c_pcs_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pcs FEDORA-2018-57bbe74c6c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874369\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-19 08:55:01 +0200 (Thu, 19 Apr 2018)\");\n script_cve_id(\"CVE-2018-1086\", \"CVE-2018-1079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pcs FEDORA-2018-57bbe74c6c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pcs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pcs on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-57bbe74c6c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFV7OMJDCU77BZ2X3C6SH3QVGAQLCM5R\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"pcs\", rpm:\"pcs~0.9.164~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1079", "CVE-2018-1086", "CVE-2018-1000119"], "description": "Check the version of pcs", "modified": "2019-03-08T00:00:00", "published": "2018-06-05T00:00:00", "id": "OPENVAS:1361412562310882895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882895", "type": "openvas", "title": "CentOS Update for pcs CESA-2018:1060 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1060_pcs_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for pcs CESA-2018:1060 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882895\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-05 14:03:24 +0530 (Tue, 05 Jun 2018)\");\n script_cve_id(\"CVE-2018-1079\", \"CVE-2018-1086\", \"CVE-2018-1000119\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for pcs CESA-2018:1060 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of pcs\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n * pcs: Privilege escalation via authorized user malicious REST call\n(CVE-2018-1079)\n\n * pcs: Debug parameter removal bypass, allowing information disclosure\n(CVE-2018-1086)\n\n * rack-protection: Timing attack in authenticity_token.rb\n(CVE-2018-1000119)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\n\nThe CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the\nCVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).\");\n script_tag(name:\"affected\", value:\"pcs on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1060\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022893.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"pcs\", rpm:\"pcs~0.9.162~5.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pcs-snmp\", rpm:\"pcs-snmp~0.9.162~5.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "description": "pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters. ", "modified": "2018-04-15T02:44:28", "published": "2018-04-15T02:44:28", "id": "FEDORA:07BC1604A72B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: pcs-0.9.164-1.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "description": "pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters. ", "modified": "2018-04-19T00:07:28", "published": "2018-04-19T00:07:28", "id": "FEDORA:6A24460567EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: pcs-0.9.160-2.fc26", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1079", "CVE-2018-1086"], "description": "pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters. ", "modified": "2018-04-19T00:32:14", "published": "2018-04-19T00:32:14", "id": "FEDORA:3B896601B8F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: pcs-0.9.164-1.fc27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1079", "CVE-2018-1086", "CVE-2018-1000119"], "description": "**Issue Overview:**\n\nDebug parameter removal bypass, allowing information disclosure \nIt was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege. ([CVE-2018-1086 __](<https://access.redhat.com/security/cve/CVE-2018-1086>))\n\nTiming attack in authenticity_token.rb \nSinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0. ([CVE-2018-1000119 __](<https://access.redhat.com/security/cve/CVE-2018-1000119>))\n\nPrivilege escalation via authorized user malicious REST call \nIt was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process. ([CVE-2018-1079 __](<https://access.redhat.com/security/cve/CVE-2018-1079>))\n\n \n**Affected Packages:** \n\n\npcs\n\n \n**Issue Correction:** \nRun _yum update pcs_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n src: \n pcs-0.9.162-5.amzn2.1.1.src \n \n x86_64: \n pcs-0.9.162-5.amzn2.1.1.x86_64 \n pcs-snmp-0.9.162-5.amzn2.1.1.x86_64 \n pcs-debuginfo-0.9.162-5.amzn2.1.1.x86_64 \n \n \n", "edition": 1, "modified": "2018-04-26T17:41:00", "published": "2018-04-26T17:41:00", "id": "ALAS2-2018-1005", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1005.html", "title": "Important: pcs", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1079", "CVE-2018-1086", "CVE-2018-1000119"], "description": "[0.9.162-5.0.3.el7_5.1]\n- Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7\n- replace logo pcsd/public/favicon.ico in tarball\n- remove Source1 HAM-logo.png\n[0.9.162-5.el7_5.1]\n- Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure\n- Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call\n- Fixed CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb\n- Resolves: rhbz#1557253", "edition": 5, "modified": "2018-04-30T00:00:00", "published": "2018-04-30T00:00:00", "id": "ELSA-2018-1060", "href": "http://linux.oracle.com/errata/ELSA-2018-1060.html", "title": "pcs security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}