Search...

Fedora Update for cumin FEDORA-2012-17854

2012-11-23T00:00:00

ID OPENVAS:864879
Type openvas
Reporter Copyright (c) 2012 Greenbone Networks GmbH
Modified 2017-12-29T00:00:00

Description

Check for the Version of cumin

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for cumin FEDORA-2012-17854
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_affected = "cumin on Fedora 16";
tag_insight = "Cumin is the MRG management web console.  It provides a unified
  management interface for the Messaging, Realtime and Grid components
  of MRG.";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html");
  script_id(864879);
  script_version("$Revision: 8257 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-11-23 11:34:46 +0530 (Fri, 23 Nov 2012)");
  script_cve_id("CVE-2012-2683", "CVE-2012-2684");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "FEDORA", value: "2012-17854");
  script_name("Fedora Update for cumin FEDORA-2012-17854");

  script_tag(name: "summary" , value: "Check for the Version of cumin");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "FC16")
{

  if ((res = isrpmvuln(pkg:"cumin", rpm:"cumin~0.1.5522~4.fc16", rls:"FC16")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:864879", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for cumin FEDORA-2012-17854", "description": "Check for the Version of cumin", "published": "2012-11-23T00:00:00", "modified": "2017-12-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864879", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012-17854", "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"], "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "lastseen": "2018-01-02T10:58:12", "viewCount": 0, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2018-01-02T10:58:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-2683", "CVE-2012-2684"]}, {"type": "openvas", "idList": ["OPENVAS:864876", "OPENVAS:1361412562310864876", "OPENVAS:865455", "OPENVAS:1361412562310864879", "OPENVAS:1361412562310865455"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2012-1278.NASL", "REDHAT-RHSA-2012-1281.NASL", "FEDORA_2012-17863.NASL", "FEDORA_2012-17834.NASL", "FEDORA_2012-17854.NASL"]}, {"type": "redhat", "idList": ["RHSA-2012:1281", "RHSA-2012:1278"]}], "modified": "2018-01-02T10:58:12", "rev": 2}, "vulnersScore": 6.6}, "pluginID": "864879", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cumin FEDORA-2012-17854\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cumin on Fedora 16\";\ntag_insight = \"Cumin is the MRG management web console. It provides a unified\n management interface for the Messaging, Realtime and Grid components\n of MRG.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html\");\n script_id(864879);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:34:46 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-17854\");\n script_name(\"Fedora Update for cumin FEDORA-2012-17854\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cumin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"cumin\", rpm:\"cumin~0.1.5522~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}

{"cve": [{"lastseen": "2020-12-09T19:47:20", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) \"error message displays\" or (2) \"in source HTML on certain pages.\"", "edition": 5, "cvss3": {}, "published": "2012-09-28T17:55:00", "title": "CVE-2012-2683", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2683"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:trevor_mckay:cumin:0.1.5105-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-2", "cpe:/a:trevor_mckay:cumin:0.1.4410-2", "cpe:/a:trevor_mckay:cumin:0.1.4794-1", "cpe:/a:trevor_mckay:cumin:0.1.4369-1", "cpe:/a:trevor_mckay:cumin:0.1.5054-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-4", "cpe:/a:trevor_mckay:cumin:0.1.5192-4", "cpe:/a:trevor_mckay:cumin:0.1.4916-1", "cpe:/a:trevor_mckay:cumin:0.1.5037-1", "cpe:/a:trevor_mckay:cumin:0.1.5033-1", "cpe:/a:trevor_mckay:cumin:0.1.5098-2", "cpe:/a:trevor_mckay:cumin:0.1.5068-1", "cpe:/a:trevor_mckay:cumin:0.1.4494-1", "cpe:/a:redhat:enterprise_mrg:2.0", "cpe:/a:trevor_mckay:cumin:0.1.5137-3", "cpe:/a:trevor_mckay:cumin:0.1.3160-1", "cpe:/a:trevor_mckay:cumin:0.1.5092-1", "cpe:/a:trevor_mckay:cumin:0.1.5192-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-5"], "id": "CVE-2012-2683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2683", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-4:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.", "edition": 5, "cvss3": {}, "published": "2012-09-28T17:55:00", "title": "CVE-2012-2684", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2684"], "modified": "2013-11-25T04:25:00", "cpe": ["cpe:/a:trevor_mckay:cumin:0.1.5105-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-2", "cpe:/a:trevor_mckay:cumin:0.1.4410-2", "cpe:/a:trevor_mckay:cumin:0.1.4794-1", "cpe:/a:trevor_mckay:cumin:0.1.4369-1", "cpe:/a:trevor_mckay:cumin:0.1.5054-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-4", "cpe:/a:trevor_mckay:cumin:0.1.5192-4", "cpe:/a:trevor_mckay:cumin:0.1.4916-1", "cpe:/a:trevor_mckay:cumin:0.1.5037-1", "cpe:/a:trevor_mckay:cumin:0.1.5033-1", "cpe:/a:trevor_mckay:cumin:0.1.5098-2", "cpe:/a:trevor_mckay:cumin:0.1.5068-1", "cpe:/a:trevor_mckay:cumin:0.1.4494-1", "cpe:/a:redhat:enterprise_mrg:2.0", "cpe:/a:trevor_mckay:cumin:0.1.5137-3", "cpe:/a:trevor_mckay:cumin:0.1.3160-1", "cpe:/a:trevor_mckay:cumin:0.1.5092-1", "cpe:/a:trevor_mckay:cumin:0.1.5192-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-1", "cpe:/a:trevor_mckay:cumin:0.1.5137-5"], "id": "CVE-2012-2684", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2684", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-4:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:1361412562310865455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865455", "type": "openvas", "title": "Fedora Update for cumin FEDORA-2012-17834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cumin FEDORA-2012-17834\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"cumin on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100097.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865455\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:48:49 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2012-17834\");\n script_name(\"Fedora Update for cumin FEDORA-2012-17834\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cumin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"cumin\", rpm:\"cumin~0.1.5522~4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-03T10:56:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "description": "Check for the Version of cumin", "modified": "2018-01-03T00:00:00", "published": "2012-11-23T00:00:00", "id": "OPENVAS:864876", "href": "http://plugins.openvas.org/nasl.php?oid=864876", "type": "openvas", "title": "Fedora Update for cumin FEDORA-2012-17863", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cumin FEDORA-2012-17863\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cumin on Fedora 17\";\ntag_insight = \"Cumin is the MRG management web console. It provides a unified\n management interface for the Messaging, Realtime and Grid components\n of MRG.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html\");\n script_id(864876);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:34:21 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-17863\");\n script_name(\"Fedora Update for cumin FEDORA-2012-17863\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cumin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"cumin\", rpm:\"cumin~0.1.5522~4.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-23T00:00:00", "id": "OPENVAS:1361412562310864876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864876", "type": "openvas", "title": "Fedora Update for cumin FEDORA-2012-17863", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cumin FEDORA-2012-17863\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864876\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:34:21 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-17863\");\n script_name(\"Fedora Update for cumin FEDORA-2012-17863\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cumin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"cumin on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"cumin\", rpm:\"cumin~0.1.5522~4.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:09:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "description": "Check for the Version of cumin", "modified": "2018-01-26T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:865455", "href": "http://plugins.openvas.org/nasl.php?oid=865455", "type": "openvas", "title": "Fedora Update for cumin FEDORA-2012-17834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cumin FEDORA-2012-17834\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_insight = \"Cumin is the MRG management web console. It provides a unified\n management interface for the Messaging, Realtime and Grid components\n of MRG.\";\ntag_affected = \"cumin on Fedora 18\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100097.html\");\n script_id(865455);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:48:49 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2012-17834\");\n script_name(\"Fedora Update for cumin FEDORA-2012-17834\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cumin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"cumin\", rpm:\"cumin~0.1.5522~4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-23T00:00:00", "id": "OPENVAS:1361412562310864879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864879", "type": "openvas", "title": "Fedora Update for cumin FEDORA-2012-17854", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cumin FEDORA-2012-17854\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864879\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:34:46 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-17854\");\n script_name(\"Fedora Update for cumin FEDORA-2012-17854\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cumin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"cumin on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"cumin\", rpm:\"cumin~0.1.5522~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2683", "CVE-2012-2684"], "description": "Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG. ", "modified": "2012-11-20T03:04:01", "published": "2012-11-20T03:04:01", "id": "FEDORA:D699420A24", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: cumin-0.1.5522-4.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2683", "CVE-2012-2684"], "description": "Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG. ", "modified": "2012-11-20T03:15:52", "published": "2012-11-20T03:15:52", "id": "FEDORA:9A54C20692", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: cumin-0.1.5522-4.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2683", "CVE-2012-2684"], "description": "Cumin is the MRG management web console. It provides a unified management interface for the Messaging, Realtime and Grid components of MRG. ", "modified": "2013-03-14T02:55:27", "published": "2013-03-14T02:55:27", "id": "FEDORA:2D2D6213A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: cumin-0.1.5522-4.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:11", "description": "Latest build adds a missing dependency on python-saslwrapper and\nmissing upgrade scripts in addition to a patch for BZ842286. The\nprevious version of the spec file did not install cumin-report and was\nmissing a dependency on pymongo. This release contains many bug fixes\n(logged against Cumin in RHEL MRG but applying to Fedora as well).\nThere are also many security enhancements but it is not just a\nsecurity release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-11-20T00:00:00", "title": "Fedora 17 : cumin-0.1.5522-4.fc17 (2012-17863)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "modified": "2012-11-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:cumin"], "id": "FEDORA_2012-17863.NASL", "href": "https://www.tenable.com/plugins/nessus/62971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17863.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62971);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_bugtraq_id(55618);\n script_xref(name:\"FEDORA\", value:\"2012-17863\");\n\n script_name(english:\"Fedora 17 : cumin-0.1.5522-4.fc17 (2012-17863)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest build adds a missing dependency on python-saslwrapper and\nmissing upgrade scripts in addition to a patch for BZ842286. The\nprevious version of the spec file did not install cumin-report and was\nmissing a dependency on pymongo. This release contains many bug fixes\n(logged against Cumin in RHEL MRG but applying to Fedora as well).\nThere are also many security enhancements but it is not just a\nsecurity release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830245\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d192c54e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cumin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cumin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"cumin-0.1.5522-4.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cumin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:11", "description": "Latest build adds a missing dependency on python-saslwrapper and\nmissing upgrade scripts in addition to a patch for BZ842286. The\nprevious version of the spec file did not install cumin-report and was\nmissing a dependency on pymongo. This release contains many bug fixes\n(logged against Cumin in RHEL MRG but applying to Fedora as well).\nThere are also many security enhancements but it is not just a\nsecurity release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-11-20T00:00:00", "title": "Fedora 16 : cumin-0.1.5522-4.fc16 (2012-17854)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "modified": "2012-11-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:cumin"], "id": "FEDORA_2012-17854.NASL", "href": "https://www.tenable.com/plugins/nessus/62970", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17854.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62970);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_bugtraq_id(55618);\n script_xref(name:\"FEDORA\", value:\"2012-17854\");\n\n script_name(english:\"Fedora 16 : cumin-0.1.5522-4.fc16 (2012-17854)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest build adds a missing dependency on python-saslwrapper and\nmissing upgrade scripts in addition to a patch for BZ842286. The\nprevious version of the spec file did not install cumin-report and was\nmissing a dependency on pymongo. This release contains many bug fixes\n(logged against Cumin in RHEL MRG but applying to Fedora as well).\nThere are also many security enhancements but it is not just a\nsecurity release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830245\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e810967\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cumin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cumin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"cumin-0.1.5522-4.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cumin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:11", "description": "Latest build adds a missing dependency on python-saslwrapper and\nmissing upgrade scripts in addition to a patch for BZ842286. The\nprevious version of the spec file did not install cumin-report and was\nmissing a dependency on pymongo. This release contains many bug fixes\n(logged against Cumin in RHEL MRG but applying to Fedora as well).\nThere are also many security enhancements but it is not just a\nsecurity release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-03-14T00:00:00", "title": "Fedora 18 : cumin-0.1.5522-4.fc18 (2012-17834)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2683"], "modified": "2013-03-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:cumin"], "id": "FEDORA_2012-17834.NASL", "href": "https://www.tenable.com/plugins/nessus/65531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17834.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65531);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2683\", \"CVE-2012-2684\");\n script_bugtraq_id(55618);\n script_xref(name:\"FEDORA\", value:\"2012-17834\");\n\n script_name(english:\"Fedora 18 : cumin-0.1.5522-4.fc18 (2012-17834)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest build adds a missing dependency on python-saslwrapper and\nmissing upgrade scripts in addition to a patch for BZ842286. The\nprevious version of the spec file did not install cumin-report and was\nmissing a dependency on pymongo. This release contains many bug fixes\n(logged against Cumin in RHEL MRG but applying to Fedora as well).\nThere are also many security enhancements but it is not just a\nsecurity release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830245\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100097.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ae91304\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cumin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cumin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"cumin-0.1.5522-4.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cumin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:11:09", "description": "Updated Grid component packages that fix several security issues, add\nvarious enhancements and fix multiple bugs are now available for Red\nHat Enterprise MRG 2 for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat Enterprise MRG (Messaging, Realtime, and Grid) is a\nnext-generation IT infrastructure for enterprise computing. MRG offers\nincreased performance, reliability, interoperability, and faster\ncomputing for enterprise customers.\n\nA number of unprotected resources (web pages, export functionality,\nimage viewing) were found in Cumin. An unauthenticated user could\nbypass intended access restrictions, resulting in information\ndisclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to\nCumin. (CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote\nattackers to inject arbitrary web script on a web page displayed by\nCumin. (CVE-2012-2683)\n\nA SQL injection flaw in Cumin could allow remote attackers to\nmanipulate the contents of the back-end database via a specially\ncrafted URL. (CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the\nCumin server, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If\nan attacker could trick a user, who was logged into the Cumin web\ninterface, into visiting a specially crafted web page, it could lead\nto unauthorized command execution in the Cumin web interface with the\nprivileges of the logged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able\nto pre-set the Cumin session cookie in a victim's browser could\npossibly use this flaw to steal the victim's session after they log\ninto Cumin. (CVE-2012-2735)\n\nIt was found that authenticated users could send a specially crafted\nHTTP POST request to Cumin that would cause it to submit a job\nattribute change to Condor. This could be used to change internal\nCondor attributes, including the Owner attribute, which could allow\nCumin users to elevate their privileges. (CVE-2012-3459)\n\nIt was discovered that Condor's file system authentication challenge\naccepted directories with weak permissions (for example, world\nreadable, writable and executable permissions). If a user created a\ndirectory with such permissions, a local attacker could rename it,\nallowing them to execute jobs with the privileges of the victim user.\n(CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data\nin the ClassAds format served by condor_startd. An unauthenticated\nuser able to connect to condor_startd's port could request a ClassAd\nfor a running job, provided they could guess or brute-force the PID of\nthe job. This could expose the ClaimId which, if obtained, could be\nused to control the job as well as start new jobs on the system.\n(CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only\nrequired WRITE authorization, instead of a combination of WRITE\nauthorization and job ownership. This could allow an authenticated\nattacker to bypass intended restrictions and abort any idle job on the\nsystem. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nThis update also provides defense in depth patches for Condor.\n(BZ#848212, BZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 5 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some\nhighlights include :\n\n* Integration with Red Hat Enterprise Virtualization Manager via\nDeltacloud\n\n* Role enforcement in Cumin\n\n* Cumin authentication integration with LDAP\n\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n\n* Generic local resource limits for partitionable slots\n\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory.\nRefer to the Red Hat Enterprise MRG 2 Technical Notes document, linked\nto in the References section, for information on these changes.", "edition": 26, "published": "2014-07-22T00:00:00", "title": "RHEL 5 : MRG (RHSA-2012:1278)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2680", "CVE-2012-3493", "CVE-2012-3492", "CVE-2012-2683", "CVE-2012-2734", "CVE-2012-3491", "CVE-2012-3459", "CVE-2012-2735", "CVE-2012-2685", "CVE-2012-2681"], "modified": "2014-07-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:condor-wallaby-client", "p-cpe:/a:redhat:enterprise_linux:condor-aviary", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:ruby-wallaby", "p-cpe:/a:redhat:enterprise_linux:condor-kbdd", "p-cpe:/a:redhat:enterprise_linux:condor-classads", "p-cpe:/a:redhat:enterprise_linux:condor", "p-cpe:/a:redhat:enterprise_linux:sesame", "p-cpe:/a:redhat:enterprise_linux:condor-wallaby-base-db", "p-cpe:/a:redhat:enterprise_linux:condor-wallaby-tools", "p-cpe:/a:redhat:enterprise_linux:python-wallabyclient", "p-cpe:/a:redhat:enterprise_linux:cumin", "p-cpe:/a:redhat:enterprise_linux:python-wallaby", "p-cpe:/a:redhat:enterprise_linux:condor-qmf", "p-cpe:/a:redhat:enterprise_linux:wallaby", "p-cpe:/a:redhat:enterprise_linux:condor-vm-gahp", "p-cpe:/a:redhat:enterprise_linux:wallaby-utils"], "id": "REDHAT-RHSA-2012-1278.NASL", "href": "https://www.tenable.com/plugins/nessus/76649", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1278. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76649);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2680\", \"CVE-2012-2681\", \"CVE-2012-2683\", \"CVE-2012-2684\", \"CVE-2012-2685\", \"CVE-2012-2734\", \"CVE-2012-2735\", \"CVE-2012-3459\", \"CVE-2012-3491\", \"CVE-2012-3492\", \"CVE-2012-3493\");\n script_bugtraq_id(55632);\n script_xref(name:\"RHSA\", value:\"2012:1278\");\n\n script_name(english:\"RHEL 5 : MRG (RHSA-2012:1278)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Grid component packages that fix several security issues, add\nvarious enhancements and fix multiple bugs are now available for Red\nHat Enterprise MRG 2 for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat Enterprise MRG (Messaging, Realtime, and Grid) is a\nnext-generation IT infrastructure for enterprise computing. MRG offers\nincreased performance, reliability, interoperability, and faster\ncomputing for enterprise customers.\n\nA number of unprotected resources (web pages, export functionality,\nimage viewing) were found in Cumin. An unauthenticated user could\nbypass intended access restrictions, resulting in information\ndisclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to\nCumin. (CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote\nattackers to inject arbitrary web script on a web page displayed by\nCumin. (CVE-2012-2683)\n\nA SQL injection flaw in Cumin could allow remote attackers to\nmanipulate the contents of the back-end database via a specially\ncrafted URL. (CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the\nCumin server, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If\nan attacker could trick a user, who was logged into the Cumin web\ninterface, into visiting a specially crafted web page, it could lead\nto unauthorized command execution in the Cumin web interface with the\nprivileges of the logged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able\nto pre-set the Cumin session cookie in a victim's browser could\npossibly use this flaw to steal the victim's session after they log\ninto Cumin. (CVE-2012-2735)\n\nIt was found that authenticated users could send a specially crafted\nHTTP POST request to Cumin that would cause it to submit a job\nattribute change to Condor. This could be used to change internal\nCondor attributes, including the Owner attribute, which could allow\nCumin users to elevate their privileges. (CVE-2012-3459)\n\nIt was discovered that Condor's file system authentication challenge\naccepted directories with weak permissions (for example, world\nreadable, writable and executable permissions). If a user created a\ndirectory with such permissions, a local attacker could rename it,\nallowing them to execute jobs with the privileges of the victim user.\n(CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data\nin the ClassAds format served by condor_startd. An unauthenticated\nuser able to connect to condor_startd's port could request a ClassAd\nfor a running job, provided they could guess or brute-force the PID of\nthe job. This could expose the ClaimId which, if obtained, could be\nused to control the job as well as start new jobs on the system.\n(CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only\nrequired WRITE authorization, instead of a combination of WRITE\nauthorization and job ownership. This could allow an authenticated\nattacker to bypass intended restrictions and abort any idle job on the\nsystem. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nThis update also provides defense in depth patches for Condor.\n(BZ#848212, BZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 5 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some\nhighlights include :\n\n* Integration with Red Hat Enterprise Virtualization Manager via\nDeltacloud\n\n* Role enforcement in Cumin\n\n* Cumin authentication integration with LDAP\n\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n\n* Generic local resource limits for partitionable slots\n\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory.\nRefer to the Red Hat Enterprise MRG 2 Technical Notes document, linked\nto in the References section, for information on these changes.\"\n );\n # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9345c1b9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2681\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-aviary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-classads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-kbdd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-qmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-vm-gahp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-wallaby-base-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-wallaby-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-wallaby-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cumin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-wallaby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-wallabyclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-wallaby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sesame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wallaby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wallaby-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1278\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"condor-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"condor-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"condor-aviary-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"condor-aviary-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"condor-classads-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"condor-classads-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"condor-kbdd-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"condor-kbdd-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"condor-qmf-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"condor-qmf-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"condor-vm-gahp-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"condor-vm-gahp-7.6.5-0.22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"condor-wallaby-base-db-1.23-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"condor-wallaby-client-4.1.3-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"condor-wallaby-tools-4.1.3-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"cumin-0.1.5444-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"python-wallaby-0.12.5-10.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"python-wallabyclient-4.1.3-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-wallaby-0.12.5-10.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"sesame-1.0-4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"sesame-1.0-4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wallaby-0.12.5-10.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wallaby-utils-0.12.5-10.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"condor / condor-aviary / condor-classads / condor-kbdd / condor-qmf / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:11:10", "description": "Updated Grid component packages that fix several security issues, add\nvarious enhancements and fix multiple bugs are now available for Red\nHat Enterprise MRG 2 for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat Enterprise MRG (Messaging, Realtime, and Grid) is a\nnext-generation IT infrastructure for enterprise computing. MRG offers\nincreased performance, reliability, interoperability, and faster\ncomputing for enterprise customers.\n\nA number of unprotected resources (web pages, export functionality,\nimage viewing) were found in Cumin. An unauthenticated user could\nbypass intended access restrictions, resulting in information\ndisclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to\nCumin. (CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote\nattackers to inject arbitrary web script on a web page displayed by\nCumin. (CVE-2012-2683)\n\nA SQL injection flaw in Cumin could allow remote attackers to\nmanipulate the contents of the back-end database via a specially\ncrafted URL. (CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the\nCumin server, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If\nan attacker could trick a user, who was logged into the Cumin web\ninterface, into visiting a specially crafted web page, it could lead\nto unauthorized command execution in the Cumin web interface with the\nprivileges of the logged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able\nto pre-set the Cumin session cookie in a victim's browser could\npossibly use this flaw to steal the victim's session after they log\ninto Cumin. (CVE-2012-2735)\n\nIt was found that authenticated users could send a specially crafted\nHTTP POST request to Cumin that would cause it to submit a job\nattribute change to Condor. This could be used to change internal\nCondor attributes, including the Owner attribute, which could allow\nCumin users to elevate their privileges. (CVE-2012-3459)\n\nIt was discovered that Condor's file system authentication challenge\naccepted directories with weak permissions (for example, world\nreadable, writable and executable permissions). If a user created a\ndirectory with such permissions, a local attacker could rename it,\nallowing them to execute jobs with the privileges of the victim user.\n(CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data\nin the ClassAds format served by condor_startd. An unauthenticated\nuser able to connect to condor_startd's port could request a ClassAd\nfor a running job, provided they could guess or brute-force the PID of\nthe job. This could expose the ClaimId which, if obtained, could be\nused to control the job as well as start new jobs on the system.\n(CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only\nrequired WRITE authorization, instead of a combination of WRITE\nauthorization and job ownership. This could allow an authenticated\nattacker to bypass intended restrictions and abort any idle job on the\nsystem. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nThis update also provides defense in depth patches for Condor.\n(BZ#848212, BZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 6 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some\nhighlights include :\n\n* Integration with Red Hat Enterprise Virtualization Manager via\nDeltacloud\n\n* Role enforcement in Cumin\n\n* Cumin authentication integration with LDAP\n\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n\n* Generic local resource limits for partitionable slots\n\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory.\nRefer to the Red Hat Enterprise MRG 2 Technical Notes document, linked\nto in the References section, for information on these changes.", "edition": 27, "published": "2014-07-22T00:00:00", "title": "RHEL 6 : MRG (RHSA-2012:1281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2684", "CVE-2012-2680", "CVE-2012-3493", "CVE-2012-3492", "CVE-2012-2683", "CVE-2012-2734", "CVE-2012-3491", "CVE-2012-3459", "CVE-2012-2735", "CVE-2012-2685", "CVE-2012-2681"], "modified": "2014-07-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rubygem-rack", "p-cpe:/a:redhat:enterprise_linux:rubygem-tilt-doc", "p-cpe:/a:redhat:enterprise_linux:condor-wallaby-client", "p-cpe:/a:redhat:enterprise_linux:condor-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-hpricot-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygems", "p-cpe:/a:redhat:enterprise_linux:condor-aviary", "p-cpe:/a:redhat:enterprise_linux:rubygem-hpricot", "p-cpe:/a:redhat:enterprise_linux:condor-plumage", "p-cpe:/a:redhat:enterprise_linux:rubygem-tilt", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:ruby-wallaby", "p-cpe:/a:redhat:enterprise_linux:deltacloud-core", "p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-daemons", "p-cpe:/a:redhat:enterprise_linux:rubygem-sass", "p-cpe:/a:redhat:enterprise_linux:condor-kbdd", "p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client", "p-cpe:/a:redhat:enterprise_linux:ruby-nokogiri", "p-cpe:/a:redhat:enterprise_linux:rubygem-net-ssh", "p-cpe:/a:redhat:enterprise_linux:rubygem-syntax", "p-cpe:/a:redhat:enterprise_linux:libdeltacloud-debuginfo", "p-cpe:/a:redhat:enterprise_linux:condor-classads", "p-cpe:/a:redhat:enterprise_linux:condor", "p-cpe:/a:redhat:enterprise_linux:rubygem-yard", "p-cpe:/a:redhat:enterprise_linux:libdeltacloud-devel", "p-cpe:/a:redhat:enterprise_linux:rubygem-hpricot-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-eventmachine", "p-cpe:/a:redhat:enterprise_linux:deltacloud-core-rhevm", "p-cpe:/a:redhat:enterprise_linux:condor-cluster-resource-agent", "p-cpe:/a:redhat:enterprise_linux:sesame", "p-cpe:/a:redhat:enterprise_linux:condor-wallaby-base-db", "p-cpe:/a:redhat:enterprise_linux:sesame-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-rack-test", "p-cpe:/a:redhat:enterprise_linux:rubygem-rack-accept-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-mocha", "p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-thin", "p-cpe:/a:redhat:enterprise_linux:ruby-json", "p-cpe:/a:redhat:enterprise_linux:condor-deltacloud-gahp", "p-cpe:/a:redhat:enterprise_linux:condor-wallaby-tools", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-thin-debuginfo", "p-cpe:/a:redhat:enterprise_linux:deltacloud-core-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-thin-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-maruku", "p-cpe:/a:redhat:enterprise_linux:python-wallabyclient", "p-cpe:/a:redhat:enterprise_linux:cumin", "p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri", "p-cpe:/a:redhat:enterprise_linux:rubygem-sass-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-haml", "p-cpe:/a:redhat:enterprise_linux:ruby-hpricot", "p-cpe:/a:redhat:enterprise_linux:rubygem-fssm", "p-cpe:/a:redhat:enterprise_linux:rubygem-rack-accept", "p-cpe:/a:redhat:enterprise_linux:python-wallaby", "p-cpe:/a:redhat:enterprise_linux:condor-qmf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:libdeltacloud", "p-cpe:/a:redhat:enterprise_linux:wallaby", "p-cpe:/a:redhat:enterprise_linux:condor-vm-gahp", "p-cpe:/a:redhat:enterprise_linux:rubygem-sinatra", "p-cpe:/a:redhat:enterprise_linux:rubygem-net-ssh-doc", "p-cpe:/a:redhat:enterprise_linux:wallaby-utils", "p-cpe:/a:redhat:enterprise_linux:rubygem-eventmachine-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types"], "id": "REDHAT-RHSA-2012-1281.NASL", "href": "https://www.tenable.com/plugins/nessus/76651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1281. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76651);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2680\", \"CVE-2012-2681\", \"CVE-2012-2683\", \"CVE-2012-2684\", \"CVE-2012-2685\", \"CVE-2012-2734\", \"CVE-2012-2735\", \"CVE-2012-3459\", \"CVE-2012-3491\", \"CVE-2012-3492\", \"CVE-2012-3493\");\n script_bugtraq_id(55632);\n script_xref(name:\"RHSA\", value:\"2012:1281\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2012:1281)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Grid component packages that fix several security issues, add\nvarious enhancements and fix multiple bugs are now available for Red\nHat Enterprise MRG 2 for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat Enterprise MRG (Messaging, Realtime, and Grid) is a\nnext-generation IT infrastructure for enterprise computing. MRG offers\nincreased performance, reliability, interoperability, and faster\ncomputing for enterprise customers.\n\nA number of unprotected resources (web pages, export functionality,\nimage viewing) were found in Cumin. An unauthenticated user could\nbypass intended access restrictions, resulting in information\ndisclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to\nCumin. (CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote\nattackers to inject arbitrary web script on a web page displayed by\nCumin. (CVE-2012-2683)\n\nA SQL injection flaw in Cumin could allow remote attackers to\nmanipulate the contents of the back-end database via a specially\ncrafted URL. (CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the\nCumin server, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If\nan attacker could trick a user, who was logged into the Cumin web\ninterface, into visiting a specially crafted web page, it could lead\nto unauthorized command execution in the Cumin web interface with the\nprivileges of the logged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able\nto pre-set the Cumin session cookie in a victim's browser could\npossibly use this flaw to steal the victim's session after they log\ninto Cumin. (CVE-2012-2735)\n\nIt was found that authenticated users could send a specially crafted\nHTTP POST request to Cumin that would cause it to submit a job\nattribute change to Condor. This could be used to change internal\nCondor attributes, including the Owner attribute, which could allow\nCumin users to elevate their privileges. (CVE-2012-3459)\n\nIt was discovered that Condor's file system authentication challenge\naccepted directories with weak permissions (for example, world\nreadable, writable and executable permissions). If a user created a\ndirectory with such permissions, a local attacker could rename it,\nallowing them to execute jobs with the privileges of the victim user.\n(CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data\nin the ClassAds format served by condor_startd. An unauthenticated\nuser able to connect to condor_startd's port could request a ClassAd\nfor a running job, provided they could guess or brute-force the PID of\nthe job. This could expose the ClaimId which, if obtained, could be\nused to control the job as well as start new jobs on the system.\n(CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only\nrequired WRITE authorization, instead of a combination of WRITE\nauthorization and job ownership. This could allow an authenticated\nattacker to bypass intended restrictions and abort any idle job on the\nsystem. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nThis update also provides defense in depth patches for Condor.\n(BZ#848212, BZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 6 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some\nhighlights include :\n\n* Integration with Red Hat Enterprise Virtualization Manager via\nDeltacloud\n\n* Role enforcement in Cumin\n\n* Cumin authentication integration with LDAP\n\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n\n* Generic local resource limits for partitionable slots\n\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory.\nRefer to the Red Hat Enterprise MRG 2 Technical Notes document, linked\nto in the References section, for information on these changes.\"\n );\n # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9345c1b9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2681\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-aviary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-classads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-cluster-resource-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-deltacloud-gahp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-kbdd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-plumage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-qmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-vm-gahp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-wallaby-base-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-wallaby-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:condor-wallaby-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cumin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:deltacloud-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:deltacloud-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:deltacloud-core-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libdeltacloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libdeltacloud-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libdeltacloud-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-wallaby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-wallabyclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hpricot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-nokogiri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-wallaby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-eventmachine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-eventmachine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-fssm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-haml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-hpricot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-hpricot-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-hpricot-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-maruku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-mocha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-net-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-net-ssh-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rack-accept\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rack-accept-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rack-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-sass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-sass-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-sinatra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-syntax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-thin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-thin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-thin-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-tilt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-tilt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-yard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sesame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sesame-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wallaby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wallaby-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1281\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-aviary-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-aviary-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-classads-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-classads-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-cluster-resource-agent-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-cluster-resource-agent-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-debuginfo-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-debuginfo-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-deltacloud-gahp-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-kbdd-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-kbdd-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-plumage-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-plumage-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"condor-qmf-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-qmf-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"condor-vm-gahp-7.6.5-0.22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"condor-wallaby-base-db-1.23-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"condor-wallaby-client-4.1.3-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"condor-wallaby-tools-4.1.3-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"cumin-0.1.5444-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"deltacloud-core-0.5.0-10.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"deltacloud-core-doc-0.5.0-10.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"deltacloud-core-rhevm-0.5.0-10.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libdeltacloud-0.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libdeltacloud-debuginfo-0.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libdeltacloud-devel-0.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-wallaby-0.12.5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-wallabyclient-4.1.3-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-hpricot-0.8.4-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-json-1.4.6-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-nokogiri-1.5.0-0.8.beta4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby-wallaby-0.12.5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-daemons-1.1.4-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-eventmachine-0.12.10-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-eventmachine-debuginfo-0.12.10-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-fssm-0.2.7-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-haml-3.1.2-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-hpricot-0.8.4-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-hpricot-debuginfo-0.8.4-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-hpricot-doc-0.8.4-2.el6\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-1.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-json-1.4.6-10.el6\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-debuginfo-1.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-json-debuginfo-1.4.6-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-maruku-0.6.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-mime-types-1.16-4.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-mime-types-doc-1.16-4.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-mocha-0.9.7-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-net-ssh-2.0.23-6.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-net-ssh-doc-2.0.23-6.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-nokogiri-1.5.0-0.8.beta4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-nokogiri-debuginfo-1.5.0-0.8.beta4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-nokogiri-doc-1.5.0-0.8.beta4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rack-1.3.0-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rack-accept-0.4.3-6.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rack-accept-doc-0.4.3-6.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rack-test-0.6.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rake-0.8.7-2.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rest-client-1.6.1-2.el6_0\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-sass-3.1.4-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-sass-doc-3.1.4-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-sinatra-1.2.6-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-syntax-1.0.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-thin-1.2.11-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-thin-debuginfo-1.2.11-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-thin-doc-1.2.11-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-tilt-1.3.2-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-tilt-doc-1.3.2-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-yard-0.7.2-1.el6\")) flag++;\n if (rpm_exists(rpm:\"rubygems-1.8\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rubygems-1.8.16-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"sesame-1.0-6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"sesame-1.0-6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"sesame-debuginfo-1.0-6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"sesame-debuginfo-1.0-6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wallaby-0.12.5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wallaby-utils-0.12.5-10.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"condor / condor-aviary / condor-classads / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2680", "CVE-2012-2681", "CVE-2012-2683", "CVE-2012-2684", "CVE-2012-2685", "CVE-2012-2734", "CVE-2012-2735", "CVE-2012-3459", "CVE-2012-3491", "CVE-2012-3492", "CVE-2012-3493"], "description": "Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation\nIT infrastructure for enterprise computing. MRG offers increased\nperformance, reliability, interoperability, and faster computing for\nenterprise customers.\n\nA number of unprotected resources (web pages, export functionality, image\nviewing) were found in Cumin. An unauthenticated user could bypass intended\naccess restrictions, resulting in information disclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to Cumin.\n(CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote attackers\nto inject arbitrary web script on a web page displayed by Cumin.\n(CVE-2012-2683)\n\nAn SQL injection flaw in Cumin could allow remote attackers to manipulate\nthe contents of the back-end database via a specially-crafted URL.\n(CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the Cumin\nserver, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If an\nattacker could trick a user, who was logged into the Cumin web interface,\ninto visiting a specially-crafted web page, it could lead to unauthorized\ncommand execution in the Cumin web interface with the privileges of the\nlogged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able to\npre-set the Cumin session cookie in a victim's browser could possibly use\nthis flaw to steal the victim's session after they log into Cumin.\n(CVE-2012-2735)\n\nIt was found that authenticated users could send a specially-crafted HTTP\nPOST request to Cumin that would cause it to submit a job attribute change\nto Condor. This could be used to change internal Condor attributes,\nincluding the Owner attribute, which could allow Cumin users to elevate\ntheir privileges. (CVE-2012-3459)\n\nIt was discovered that Condor's file system authentication challenge\naccepted directories with weak permissions (for example, world readable,\nwritable and executable permissions). If a user created a directory with\nsuch permissions, a local attacker could rename it, allowing them to\nexecute jobs with the privileges of the victim user. (CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data in\nthe ClassAds format served by condor_startd. An unauthenticated user able\nto connect to condor_startd's port could request a ClassAd for a running\njob, provided they could guess or brute-force the PID of the job. This\ncould expose the ClaimId which, if obtained, could be used to control the\njob as well as start new jobs on the system. (CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only required\nWRITE authorization, instead of a combination of WRITE authorization and\njob ownership. This could allow an authenticated attacker to bypass\nintended restrictions and abort any idle job on the system. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nThis update also provides defense in depth patches for Condor. (BZ#848212,\nBZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 6 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some highlights\ninclude:\n\n* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud\n* Role enforcement in Cumin\n* Cumin authentication integration with LDAP\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n* Generic local resource limits for partitionable slots\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory. Refer to\nthe Red Hat Enterprise MRG 2 Technical Notes document, linked to in the\nReferences section, for information on these changes.\n", "modified": "2018-06-07T02:47:19", "published": "2012-09-19T04:00:00", "id": "RHSA-2012:1281", "href": "https://access.redhat.com/errata/RHSA-2012:1281", "type": "redhat", "title": "(RHSA-2012:1281) Moderate: Red Hat Enterprise MRG Grid 2.2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2680", "CVE-2012-2681", "CVE-2012-2683", "CVE-2012-2684", "CVE-2012-2685", "CVE-2012-2734", "CVE-2012-2735", "CVE-2012-3459", "CVE-2012-3491", "CVE-2012-3492", "CVE-2012-3493"], "description": "Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation\nIT infrastructure for enterprise computing. MRG offers increased\nperformance, reliability, interoperability, and faster computing for\nenterprise customers.\n\nA number of unprotected resources (web pages, export functionality, image\nviewing) were found in Cumin. An unauthenticated user could bypass intended\naccess restrictions, resulting in information disclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to Cumin.\n(CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote attackers\nto inject arbitrary web script on a web page displayed by Cumin.\n(CVE-2012-2683)\n\nAn SQL injection flaw in Cumin could allow remote attackers to manipulate\nthe contents of the back-end database via a specially-crafted URL.\n(CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the Cumin\nserver, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If an\nattacker could trick a user, who was logged into the Cumin web interface,\ninto visiting a specially-crafted web page, it could lead to unauthorized\ncommand execution in the Cumin web interface with the privileges of the\nlogged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able to\npre-set the Cumin session cookie in a victim's browser could possibly use\nthis flaw to steal the victim's session after they log into Cumin.\n(CVE-2012-2735)\n\nIt was found that authenticated users could send a specially-crafted HTTP\nPOST request to Cumin that would cause it to submit a job attribute change\nto Condor. This could be used to change internal Condor attributes,\nincluding the Owner attribute, which could allow Cumin users to elevate\ntheir privileges. (CVE-2012-3459)\n\nIt was discovered that Condor's file system authentication challenge\naccepted directories with weak permissions (for example, world readable,\nwritable and executable permissions). If a user created a directory with\nsuch permissions, a local attacker could rename it, allowing them to\nexecute jobs with the privileges of the victim user. (CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data in\nthe ClassAds format served by condor_startd. An unauthenticated user able\nto connect to condor_startd's port could request a ClassAd for a running\njob, provided they could guess or brute-force the PID of the job. This\ncould expose the ClaimId which, if obtained, could be used to control the\njob as well as start new jobs on the system. (CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only required\nWRITE authorization, instead of a combination of WRITE authorization and\njob ownership. This could allow an authenticated attacker to bypass\nintended restrictions and abort any idle job on the system. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nThis update also provides defense in depth patches for Condor. (BZ#848212,\nBZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 5 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some highlights\ninclude:\n\n* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud\n* Role enforcement in Cumin\n* Cumin authentication integration with LDAP\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n* Generic local resource limits for partitionable slots\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory. Refer to\nthe Red Hat Enterprise MRG 2 Technical Notes document, linked to in the\nReferences section, for information on these changes.\n", "modified": "2016-04-04T18:34:07", "published": "2012-09-19T04:00:00", "id": "RHSA-2012:1278", "href": "https://access.redhat.com/errata/RHSA-2012:1278", "type": "redhat", "title": "(RHSA-2012:1278) Moderate: Red Hat Enterprise MRG Grid 2.2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}