Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone AGOPENVAS:1361412562310870580
HistoryApr 05, 2012 - 12:00 a.m.

RedHat Update for rpm RHSA-2012:0451-01

2012-04-0500:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
18

8.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00001.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870580");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_version("2024-03-21T05:06:54+0000");
  script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
  script_tag(name:"creation_date", value:"2012-04-05 10:19:41 +0530 (Thu, 05 Apr 2012)");
  script_cve_id("CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815");
  script_xref(name:"RHSA", value:"2012:0451-01");
  script_name("RedHat Update for rpm RHSA-2012:0451-01");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'rpm'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
  script_tag(name:"affected", value:"rpm on Red Hat Enterprise Linux (v. 5 server)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");
  script_tag(name:"insight", value:"The RPM Package Manager (RPM) is a command-line driven package management
  system capable of installing, uninstalling, verifying, querying, and
  updating software packages.

  Multiple flaws were found in the way RPM parsed package file headers. An
  attacker could create a specially-crafted RPM package that, when its
  package header was accessed, or during package signature verification,
  could cause an application using the RPM library (such as the rpm command
  line tool, or the yum and up2date package managers) to crash or,
  potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061,
  CVE-2012-0815)

  Note: Although an RPM package can, by design, execute arbitrary code when
  installed, this issue would allow a specially-crafted RPM package to
  execute arbitrary code before its digital signature has been verified.
  Package downloads from the Red Hat Network are protected by the use of a
  secure HTTPS connection in addition to the RPM package signature checks.

  All RPM users should upgrade to these updated packages, which contain a
  backported patch to correct these issues. All running applications linked
  against the RPM library must be restarted for this update to take effect.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"popt", rpm:"popt~1.10.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm", rpm:"rpm~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm-apidocs", rpm:"rpm-apidocs~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm-build", rpm:"rpm-build~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm-debuginfo", rpm:"rpm-debuginfo~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm-devel", rpm:"rpm-devel~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm-libs", rpm:"rpm-libs~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"rpm-python", rpm:"rpm-python~4.4.2.3~28.el5_8", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

openvas 24
nessus 23
redhat 2
oraclelinux 1
centos 1
fedora 3
amazon 1
ubuntu 1
osv 1
debian 1
gentoo 1
veracode 3
ubuntucve 3
cve 4
prion 3
debiancve 3
vmware 2
openvas
openvas
Fedora Update for rpm FEDORA-2012-5421
2012-04-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-61)
2015-09-08 00:00:00
CentOS Update for popt CESA-2012:0451 centos5
2012-07-30 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
2012-04-12 00:00:00
Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20120403)
2012-08-01 00:00:00
Amazon Linux AMI : rpm (ALAS-2012-61)
2013-09-04 00:00:00
redhat
redhat
(RHSA-2012:0451) Important: rpm security update
2012-04-03 00:00:00
(RHSA-2012:0531) Important: rhev-hypervisor6 security and bug fix update
2012-04-30 00:00:00
oraclelinux
oraclelinux
rpm security update
2012-04-03 00:00:00
centos
centos
popt, rpm security update
2012-04-03 17:07:58
fedora
fedora
[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17
2012-04-12 03:27:10
[SECURITY] Fedora 16 Update: rpm-4.9.1.3-1.fc16
2012-04-22 03:42:55
[SECURITY] Fedora 15 Update: rpm-4.9.1.3-1.fc15
2012-04-22 03:24:37
amazon
amazon
Important: rpm
2012-04-05 12:49:00
ubuntu
ubuntu
RPM vulnerabilities
2013-01-17 00:00:00
osv
osv
rpm - security update
2015-01-28 00:00:00
debian
debian
[SECURITY] [DLA 140-1] rpm security update
2015-01-28 18:07:09
gentoo
gentoo
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:10:31
Arbitrary Code Execution
2020-04-10 01:10:31
Arbitrary Code Execution
2020-04-10 01:10:31
ubuntucve
ubuntucve
CVE-2012-0060
2012-04-03 00:00:00
CVE-2012-0061
2012-04-03 00:00:00
CVE-2012-0815
2012-04-03 00:00:00
cve
cve
CVE-2012-0060
2012-06-04 20:55:00
CVE-2012-0061
2012-06-04 20:55:00
CVE-2012-0815
2012-06-04 20:55:00
prion
prion
Design/Logic Flaw
2012-06-04 20:55:00
Hardcoded credentials
2012-06-04 20:55:00
Hardcoded credentials
2012-06-04 20:55:00
debiancve
debiancve
CVE-2012-0061
2012-06-04 20:55:00
CVE-2012-0060
2012-06-04 20:55:00
CVE-2012-0815
2012-06-04 20:55:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

8.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.2%

JSON
Related for OPENVAS:1361412562310870580
openvas24nessus23redhat2oraclelinux1centos1fedora3amazon1ubuntu1osv1debian1gentoo1veracode3ubuntucve3cve4prion3debiancve3vmware2