ID OPENVAS:861316 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-10T00:00:00
Description
Check for the Version of NetworkManager
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for NetworkManager FEDORA-2007-0186
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_affected = "NetworkManager on Fedora 7";
tag_insight = "NetworkManager attempts to keep an active network connection available at all
times. It is intended only for the desktop use-case, and is not intended for
usage on servers. The point of NetworkManager is to make networking
configuration and setup as painless and automatic as possible. If using DHCP,
NetworkManager is _intended_ to replace default routes, obtain IP addresses
from a DHCP server, and change nameservers whenever it sees fit.";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00032.html");
script_id(861316);
script_cve_id("CVE-2007-2874");
script_version("$Revision: 6623 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_xref(name: "FEDORA", value: "2007-0186");
script_name( "Fedora Update for NetworkManager FEDORA-2007-0186");
script_summary("Check for the Version of NetworkManager");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC7")
{
if ((res = isrpmvuln(pkg:"NetworkManager", rpm:"NetworkManager~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager", rpm:"NetworkManager~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-debuginfo", rpm:"NetworkManager-debuginfo~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-glib-devel", rpm:"NetworkManager-glib-devel~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-glib", rpm:"NetworkManager-glib~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-devel", rpm:"NetworkManager-devel~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-gnome", rpm:"NetworkManager-gnome~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-glib-devel", rpm:"NetworkManager-glib-devel~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-debuginfo", rpm:"NetworkManager-debuginfo~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-devel", rpm:"NetworkManager-devel~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-gnome", rpm:"NetworkManager-gnome~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager-glib", rpm:"NetworkManager-glib~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"NetworkManager", rpm:"NetworkManager~0.6.5~3.fc7", rls:"FC7")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:861316", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for NetworkManager FEDORA-2007-0186", "description": "Check for the Version of NetworkManager", "published": "2009-02-27T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861316", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00032.html", "2007-0186"], "cvelist": ["CVE-2007-2874"], "lastseen": "2017-07-25T10:56:28", "viewCount": 0, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2017-07-25T10:56:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0186", "CVE-2007-2874"]}, {"type": "nessus", "idList": ["FEDORA_2007-0186.NASL"]}], "modified": "2017-07-25T10:56:28", "rev": 2}, "vulnersScore": 5.5}, "pluginID": "861316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for NetworkManager FEDORA-2007-0186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"NetworkManager on Fedora 7\";\ntag_insight = \"NetworkManager attempts to keep an active network connection available at all\n times. It is intended only for the desktop use-case, and is not intended for\n usage on servers. The point of NetworkManager is to make networking\n configuration and setup as painless and automatic as possible. If using DHCP,\n NetworkManager is _intended_ to replace default routes, obtain IP addresses\n from a DHCP server, and change nameservers whenever it sees fit.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00032.html\");\n script_id(861316);\n script_cve_id(\"CVE-2007-2874\");\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-0186\");\n script_name( \"Fedora Update for NetworkManager FEDORA-2007-0186\");\n\n script_summary(\"Check for the Version of NetworkManager\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-debuginfo\", rpm:\"NetworkManager-debuginfo~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-glib-devel\", rpm:\"NetworkManager-glib-devel~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-glib-devel\", rpm:\"NetworkManager-glib-devel~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-debuginfo\", rpm:\"NetworkManager-debuginfo~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.6.5~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:31:24", "description": "Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information.", "edition": 6, "cvss3": {}, "published": "2007-07-27T21:30:00", "title": "CVE-2007-2874", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2874"], "modified": "2011-03-08T02:55:00", "cpe": ["cpe:/o:redhat:fedora_core:0.6.5-3.fc7"], "id": "CVE-2007-2874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2874", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:fedora_core:0.6.5-3.fc7:*:networkmanager:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T10:06:02", "description": "A buffer overflow flaw was found in the debugging code of Fedora's\nversion of wpa_supplicant. This can be triggered by those using\nNetworkManager.\n\nIt is recommended that users of wpa_supplicant or NetworkManager\nupdate to this package (and the accompanying wpa_supplicant packages)\nwhich removes the affected debug code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : NetworkManager-0.6.5-3.fc7 (2007-0186)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2874"], "modified": "2007-11-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:NetworkManager-gnome", "p-cpe:/a:fedoraproject:fedora:NetworkManager-debuginfo", "p-cpe:/a:fedoraproject:fedora:NetworkManager-glib", "p-cpe:/a:fedoraproject:fedora:NetworkManager-glib-devel", "p-cpe:/a:fedoraproject:fedora:NetworkManager", "p-cpe:/a:fedoraproject:fedora:NetworkManager-devel"], "id": "FEDORA_2007-0186.NASL", "href": "https://www.tenable.com/plugins/nessus/27655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0186.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27655);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-2874\");\n script_xref(name:\"FEDORA\", value:\"2007-0186\");\n\n script_name(english:\"Fedora 7 : NetworkManager-0.6.5-3.fc7 (2007-0186)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the debugging code of Fedora's\nversion of wpa_supplicant. This can be triggered by those using\nNetworkManager.\n\nIt is recommended that users of wpa_supplicant or NetworkManager\nupdate to this package (and the accompanying wpa_supplicant packages)\nwhich removes the affected debug code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/001816.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5896ca1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"NetworkManager-0.6.5-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"NetworkManager-debuginfo-0.6.5-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"NetworkManager-devel-0.6.5-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"NetworkManager-glib-0.6.5-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"NetworkManager-glib-devel-0.6.5-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"NetworkManager-gnome-0.6.5-3.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-debuginfo / NetworkManager-devel / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}]}
